Project

General

Profile

Actions
Copy link

Bug #2751

closed

Engine unable to disable detect thread, Killing engine. (in libpcap mode)

Added by jingyu YANG over 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
jingyu YANG
Target version:
5.0beta1
Affected Versions:
Effort:
low
Difficulty:
low
Label:

Description

When I terminate suricata (libpcap mode, --pcap=iface ), if the packet capturing thread is busy (100% cpu), the main thread have to kill the capturing thread after timeout.

It is better to implement PktAcqBreakLoop handler to call pcap_breakloop internally, and a pull request will be proposed later.

The error msg is attached.

[23694] 20/12/2018 -- 10:41:58 - (runmode-pcap.c:257) <Info> (RunModeIdsPcapSingle) -- RunModeIdsPcapSingle initialised
[23694] 20/12/2018 -- 10:41:58 - (tm-threads.c:2172) <Notice> (TmThreadWaitOnThreadInit) -- all 1 packet processing threads, 4 management threads initialized, engine started.
^C23694 20/12/2018 -- 10:42:13 - (suricata.c:2847) <Notice> (SuricataMainLoop) -- Signal Received. Stopping engine.
[a lone time to wait, 1 minute]
[23694] 20/12/2018 -- 10:43:14 - (tm-threads.c:1578) <Error> (TmThreadDisableReceiveThreads) -- [ERRCODE: SC_ERR_FATAL(171)] - Engine unable to disable detect thread - "W#01-*****". Killing engine

The main reason is that the PktAcqBreakLoop handler is set to NULL in the src/source-pcap.c:117.

I will submit a pull request to fix it.

Related issues 1 (1 open0 closed)

Related to Suricata - Bug #6257: pcap: hang at shutdown for some interfacesNewOISF DevActions
Actions
Copy link

Also available in: Atom PDF