Bug #3477
closed
Suricata crashes when rules are reloaded
Added by Samiux A about 4 years ago.
Updated about 2 years ago.
Description
Suricata 5.0.1
IPS mode on af-packet and nfqueue
When running the following rules reload commands, the suricata will crash when it is fully reloaded.
kill -USR2 $(pidof suricata)
suricatasc -c reload-rules
suricatasc -c ruleset-reload-nonblocking
The PPA Suricata 5.0.1 and self-made libhyperscan5_5.2.1 debian package are installed. When rules reload, suricata will be crashed.
When PPA Suricata 5.0.1 and Ubuntu stock libhyperscan4 are installed. The problem gone.
It may be the problem with automatically installed libhyperscan4 and self-made libhyperscan5 co-existence.
The PPAs are build against/using the standard Ubuntu library version of the packages available for that OS/distro.
Which Ubuntu version are you using?
I am using Ubuntu 18.04 LTS which comes with libhyperscan4 by default.
However, I packed a libhyperscan5_5.2.1 and libhyperscan-dev under Ubuntu 18.04 LTS.
Is it possible that libhyperscan4 is not the default dependency?
When Ubuntu 20.04 is released, my box will be upgrade to it then.
The PPAs for Bionic are build with libhyperscan4 as a dependency/linked as this is the standard hyperscan pkg available in that distro. I am not sure how the libhyperscan5 replacement (over 4) would affect this - but do you observe the same when you just have the OS default libhyperscan4 ?
When Ubuntu 18.04 using libhyperscan4, the problem gone.
can we close this in that case?
Please close this thread, thanks.
- Status changed from New to Closed
Also available in: Atom
PDF