Cisco Bug: CSCvt52607 - Reduce SSL HW mode flow table memory usage to reduce the probability of Snort going in D state
Sep 03, 2020
- Sourcefire Defense Center
Known Affected Releases
6.4.0 126.96.36.199 188.8.131.52
Symptom: Snort was using more memory than was allotted to it and was going into swap, possibly resulting in a D-state fault.

Conditions: An SSL HW mode policy or CaptivePortal policy must be present. Per-Snort memory grows higher than its budget. Normal high-load traffic does not cause this issue. There must be some TCP irregularities involved, such as a dropped packet, which cause the SSL flow table to grow beyond its budget because it is not closing flows in a timely manner.