Bug #1023

closed

block rule reloads during delayed detect init

Added by Victor Julien about 11 years ago. Updated about 11 years ago.

Status: Closed
Priority: Normal

Description

Currently we can start a rule reload while doing delayed detect initialization.

[22326] 3/11/2013 -- 08:28:52 - (suricata.c:927) <Notice> (SCPrintVersion) -- This is Suricata version 2.0dev (rev 64f5129)
[22326] 3/11/2013 -- 08:28:52 - (app-layer-htp.c:224) <Warning> (HTPLookupPersonality) -- [ERRCODE: SC_WARN_OPTION_OBSOLETE(233)] - Personality Apache_2_2 no longer supported by libhtp, failing back to Apache2 personality.
[22326] 3/11/2013 -- 08:28:52 - (util-profiling.c:219) <Warning> (SCProfilingInit) -- [ERRCODE: SC_WARN_PROFILE(204)] - lock profiling not compiled in. Add --enable-profiling-locks to configure.
[22326] 3/11/2013 -- 08:28:56 - (tm-threads.c:2191) <Notice> (TmThreadWaitOnThreadInit) -- all 4 packet processing threads, 3 management threads initialized, engine started.
[22326] 3/11/2013 -- 08:28:56 - (detect.c:406) <Warning> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/files.rules
[22326] 3/11/2013 -- 08:29:03 - (detect.c:406) <Warning> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/icmp.rules
[22404] 3/11/2013 -- 08:35:40 - (detect-engine.c:406) <Notice> (DetectEngineLiveRuleSwap) -- rule reload starting
[22404] 3/11/2013 -- 08:35:43 - (detect.c:406) <Warning> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/files.rules
[22404] 3/11/2013 -- 08:35:50 - (detect.c:406) <Warning> (SigLoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/icmp.rules
[22326] 3/11/2013 -- 08:37:00 - (util-threshold-config.c:384) <Warning> (SetupSuppressRule) -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2013296, gid 1: unknown rule
[22326] 3/11/2013 -- 08:37:00 - (util-threshold-config.c:384) <Warning> (SetupSuppressRule) -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2013296, gid 1: unknown rule
[22326] 3/11/2013 -- 08:37:00 - (util-threshold-config.c:384) <Warning> (SetupSuppressRule) -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2003614, gid 1: unknown rule
[22326] 3/11/2013 -- 08:37:00 - (util-threshold-config.c:384) <Warning> (SetupSuppressRule) -- [ERRCODE: SC_ERR_EVENT_ENGINE(210)] - can't suppress sid 2009389, gid 1: unknown rule
[22326] 3/11/2013 -- 08:37:00 - (suricata.c:2144) <Notice> (main) -- Signature(s) loaded, Detect thread(s) activated.

It looks like things are mixed; we should block the reload just to be sure.
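
An added example, not part of the original report or of Suricata's code: a small log check that finds the overlap shown above, a "rule reload starting" line logged after "engine started" but before "Detect thread(s) activated". It assumes the message strings and line format exactly as they appear in this report's log; the function and constant names are made up for this example.

```python
import re

# Suricata log line: [tid] d/m/yyyy -- hh:mm:ss - (file:line) <Level> (Function) -- message
LINE_RE = re.compile(
    r"^\[(?P<tid>\d+)\] (?P<ts>\d+/\d+/\d+ -- \d+:\d+:\d+) - "
    r"\((?P<src>[^)]+)\) <(?P<level>\w+)> \((?P<func>\w+)\) -- (?P<msg>.*)$"
)
# Message fragments as they appear in this report (assumed stable).
ENGINE_STARTED = "engine started"              # packet threads are up
RELOAD_START = "rule reload starting"          # live rule swap begins
DETECT_READY = "Detect thread(s) activated"    # delayed detect init finished

# Three lines copied from the report above, in their original order.
REPORT_LOG = [
    "[22326] 3/11/2013 -- 08:28:56 - (tm-threads.c:2191) <Notice> (TmThreadWaitOnThreadInit) -- all 4 packet processing threads, 3 management threads initialized, engine started.",
    "[22404] 3/11/2013 -- 08:35:40 - (detect-engine.c:406) <Notice> (DetectEngineLiveRuleSwap) -- rule reload starting",
    "[22326] 3/11/2013 -- 08:37:00 - (suricata.c:2144) <Notice> (main) -- Signature(s) loaded, Detect thread(s) activated.",
]

def find_overlapping_reloads(lines):
    """Return (thread_id, timestamp) for every reload that started between
    'engine started' and the end of delayed detect initialization."""
    engine_started = False
    pending = []    # reloads seen after engine start, window not yet closed
    overlaps = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # not a Suricata log line
        msg = m["msg"]
        if ENGINE_STARTED in msg:
            engine_started, pending = True, []
        elif RELOAD_START in msg and engine_started:
            pending.append((m["tid"], m["ts"]))
        elif DETECT_READY in msg:
            # Only now is it certain the run used delayed detect, so the
            # pending reloads really did overlap with initialization.
            overlaps.extend(pending)
            engine_started, pending = False, []
    return overlaps

if __name__ == "__main__":
    for tid, ts in find_overlapping_reloads(REPORT_LOG):
        print(f"reload started by thread {tid} at {ts} during delayed detect init")
```

A log in which "Detect thread(s) activated" never follows "engine started" reports nothing, so reloads are only flagged once the end of the initialization window has been seen.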
