Project

General

Profile

Actions

Bug #2703

closed

Download Timeout

Added by Kenneth Kolano about 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

If downloads fail it seems Suricata-Update can hang. For instance, a DL stuck at 99% here has left an update hung for >30min.

2018-11-21 23:45:21,436 - <INFO> - Fetching https://rules.emergingthreats.net/blockrules/emerging-tor.suricata.rules.
  99% - 475136/476129

This effects the 1.0.0 release bundled in Suricata, though that seems to be missing from the "Affected Versions" drop down here.

Actions #1

Updated by Jason Ish about 6 years ago

  • Tracker changed from Feature to Bug
  • Affected Versions 1.0.0 added
Actions #2

Updated by Shivani Bhardwaj about 6 years ago

  • Assignee changed from Jason Ish to Shivani Bhardwaj
Actions #3

Updated by Kenneth Kolano about 6 years ago

A repeated case of this did seem to timeout today...

2018-11-29 20:00:17,283 - <INFO> - Fetching https://rules.emergingthreats.net/open/suricata-4.1.0/emerging.rules.tar.gz.
  99% - 2293760/2303298
ERROR!: Suricata-Update timed out, retrying.

...unclear what differentiated this run from the one that hung.

Actions #4

Updated by Jason Ish about 6 years ago

It doesn't look liks this error message:

ERROR!: Suricata-Update timed out, retrying.

Are you running it in some wrapper that may timeout and kill the app itself?

I'm also curious why you are timing out on this rule source? Is it a usual occurrence? Does it ever successfully complete?

Actions #5

Updated by Kenneth Kolano about 6 years ago

Ah yes, sorry, that timeout is from the "timeout" command I added to ensure Suricata-Update updates didn't just remain hung...

timeout 15m sudo suricata-update

Updates do usually complete successfully, but I sometimes see these odd hangs occur.

I have been seeing some networking issue unrelated to Suricata with installs of Ubuntu 16 on a Virtualbox VM. Where some DNS queries arbitrarily seem to fail. Revising to using Google DNS rather than my ISPs seemed to resolve most of that, but I suspect something related to that is still broken and may be cropping up here.

In any case, it seems Suricata-Update may need to better account for these sorts of download failures to avoid becoming hung up.

Actions #6

Updated by Jason Ish about 6 years ago

Yes, its currently being investigated and worked on.

Actions #7

Updated by Kenneth Kolano about 6 years ago

Suricata events also seem to indicate someone may be attempting to DOS the box these VMs are running on at times, which may be related to the network failures.

SERVER-OTHER Cisco NetFlow Generation Appliance SCTP denial of service attempt
SERVER-OTHER Cisco IOS MediaNet metadata over RSVP IPFIX setlen=4 denial of service attempt
PROTOCOL-VOIP Cisco Expressway and TelePresence VCS denial of service attempt
Actions #8

Updated by Victor Julien about 6 years ago

  • Target version changed from 1.0.1 to TBD
Actions #9

Updated by Shivani Bhardwaj almost 6 years ago

  • Status changed from New to Assigned
Actions #10

Updated by Shivani Bhardwaj almost 6 years ago

  • Status changed from Assigned to Feedback
Actions #11

Updated by Shivani Bhardwaj over 5 years ago

  • Status changed from Feedback to Closed
Actions #13

Updated by Shivani Bhardwaj over 5 years ago

  • Affected Versions 1.0.5 added
  • Affected Versions deleted (1.0.0)
Actions #14

Updated by Shivani Bhardwaj over 5 years ago

  • Target version changed from TBD to 1.0.5
  • Affected Versions 1.0.0 added
  • Affected Versions deleted (1.0.5)
Actions

Also available in: Atom PDF