Project

General

Profile

Actions
Copy link

Bug #2362

closed

rule reload with workers mode and NFQUEUE not working stable

Added by Andreas Herz over 6 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Alexander Gozman
Target version:
4.1.3
Affected Versions:
Effort:
Difficulty:
Label:

Description

If you run the IPS mode with NFQUEUE (with --queue-balance) and the workers mode the rule reload with SIGUSR2 might not succeed:

In detect-engine.c packets are injected in every thread to swap to the new ruleset, but this won't happen in runmode workers since there are no incoming queues inq. We then wait for every thread to receive the new rules which could take ages on systems with small amount of traffic since the queue balance from NFQUEUE is not perfectly distributed.

One workaround is to inject packets with iptables but the proper solution would be inject those within the runmode. Any suggestions on how to approach this issue?

Related issues 1 (0 open1 closed)

Copied to Suricata - Bug #2824: rule reload with workers mode and NFQUEUE not working stable (4.0.x)ClosedVictor JulienActions
Actions
Copy link
 #1

Updated by Victor Julien over 6 years ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Victor Julien over 6 years ago

I think this could be solved in a similar way as in pfring: by calling TmThreadsCaptureInjectPacket in this case.

Actions
Copy link
 #3

Updated by Victor Julien about 5 years ago

  • Status changed from New to Closed
  • Assignee changed from OISF Dev to Alexander Gozman
  • Target version changed from TBD to 4.1.3
Actions
Copy link
 #4

Updated by Victor Julien about 5 years ago

  • Copied to Bug #2824: rule reload with workers mode and NFQUEUE not working stable (4.0.x) added
Actions
Copy link

Also available in: Atom PDF