Bug #3477
closedSuricata crashes when rules are reloaded
Description
Suricata 5.0.1
IPS mode on af-packet and nfqueue
When running the following rules reload commands, the suricata will crash when it is fully reloaded.
kill -USR2 $(pidof suricata)
suricatasc -c reload-rules
suricatasc -c ruleset-reload-nonblocking
Updated by Samiux A about 4 years ago
The PPA Suricata 5.0.1 and self-made libhyperscan5_5.2.1 debian package are installed. When rules reload, suricata will be crashed.
When PPA Suricata 5.0.1 and Ubuntu stock libhyperscan4 are installed. The problem gone.
It may be the problem with automatically installed libhyperscan4 and self-made libhyperscan5 co-existence.
Updated by Peter Manev about 4 years ago
The PPAs are build against/using the standard Ubuntu library version of the packages available for that OS/distro.
Which Ubuntu version are you using?
Updated by Samiux A about 4 years ago
I am using Ubuntu 18.04 LTS which comes with libhyperscan4 by default.
However, I packed a libhyperscan5_5.2.1 and libhyperscan-dev under Ubuntu 18.04 LTS.
Is it possible that libhyperscan4 is not the default dependency?
When Ubuntu 20.04 is released, my box will be upgrade to it then.
Updated by Peter Manev about 4 years ago
The PPAs for Bionic are build with libhyperscan4 as a dependency/linked as this is the standard hyperscan pkg available in that distro. I am not sure how the libhyperscan5 replacement (over 4) would affect this - but do you observe the same when you just have the OS default libhyperscan4 ?
Updated by Samiux A about 4 years ago
When Ubuntu 18.04 using libhyperscan4, the problem gone.