Bug #2646
suricata-update fails when suricata is running because the TCP connection is closed incorrectly
Status: Closed
Priority: Normal
Assignee: -
Target version: -
Description
Software
----------------
- Ubuntu 18.04.1 LTS
- Kernel 4.15.0-33-generic #36-Ubuntu SMP
- Suricata 4.0.5 RELEASE
----------------
- Suricata is running in IPS mode (NFQ)
- Rules are only set to alert, not to block (blocking does work btw)
The problem
----------------
When running suricata-update the process blocks while trying to download a file. This only happens when suricata is running. If I stop suricata and re-run suricata-update everything goes fine.
I do not experience any other noticeable networking problems while suricata is running.
Network analysis
----------------
- When suricata is disabled the server ends the connection with the FIN flag, the client responds with the RST flag
- When suricata is enabled the client closes the connection with the FIN flag, the server responds with FIN/ACK but the client ignores these, causing retransmissions
The original PCAP files can be found in the attachments.