https://redmine.openinfosecfoundation.org/https://redmine.openinfosecfoundation.org/favicon.ico?17011170022020-07-28T18:21:45ZOpen Information Security FoundationSuricata - Bug #3846: Infinite loop if the sniffing interface temporarily goes downhttps://redmine.openinfosecfoundation.org/issues/3846?journal_id=170212020-07-28T18:21:45ZRoland Fischer
<ul></ul><p>The proposed patch is one way of fixing it but it'll exit Suricata.</p>
<p>The question is whether Suricata should try to recover in this use case, or if it should exit and leave it up to some external process control, e.g. systemd if you fancy that, to restart the whole thing. Each solution has its tos and fros.</p>
<p>From what I can tell, retry behaviour was added in <a class="external" href="https://github.com/OISF/suricata/commit/fb36c0af126883f91f7bd45ad162323a9efaf031">https://github.com/OISF/suricata/commit/fb36c0af126883f91f7bd45ad162323a9efaf031</a> quite a bit ago with the goal of "Prior to this patch, a suricata listening to an interface was leaving when the interface goes down. This patch modifies the behaviour to automatically reconnect.".</p>
<p>This probably points more towards fixing up <code>PcapTryReopen()</code> to handle this use case as well, but the suricata devs would better know their preference.</p> Suricata - Bug #3846: Infinite loop if the sniffing interface temporarily goes downhttps://redmine.openinfosecfoundation.org/issues/3846?journal_id=170222020-07-28T18:24:10ZRoland Fischer
<ul></ul><p>Fixing <code>PcapTryReopen()</code> would probably require to <code>pcap_close()</code> the pcap handle in this case and re-create it similar to what is done in <code>ReceivePcapThreadInit()</code>.</p> Suricata - Bug #3846: Infinite loop if the sniffing interface temporarily goes downhttps://redmine.openinfosecfoundation.org/issues/3846?journal_id=206062021-09-08T18:35:14ZPhilippe Antoine
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In Review</i></li><li><strong>Target version</strong> set to <i>7.0.0-beta1</i></li></ul><p><a class="external" href="https://github.com/OISF/suricata/pull/6274">https://github.com/OISF/suricata/pull/6274</a></p> Suricata - Bug #3846: Infinite loop if the sniffing interface temporarily goes downhttps://redmine.openinfosecfoundation.org/issues/3846?journal_id=238682022-06-28T18:49:15ZJuliana Fajardini Reichow
<ul><li><strong>Status</strong> changed from <i>In Review</i> to <i>In Progress</i></li><li><strong>Assignee</strong> set to <i>Juliana Fajardini Reichow</i></li></ul><p>This work had been started already on GH but the contributor, unfortunately, hasn't signed the CLA, so we can't accept their contribution.</p>
<p>Claiming it, so this bug can be resolved.</p> Suricata - Bug #3846: Infinite loop if the sniffing interface temporarily goes downhttps://redmine.openinfosecfoundation.org/issues/3846?journal_id=238702022-06-28T20:48:46ZJuliana Fajardini Reichow
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>In Review</i></li></ul><p>New PR for review: <a class="external" href="https://github.com/OISF/suricata/pull/7580">https://github.com/OISF/suricata/pull/7580</a></p> Suricata - Bug #3846: Infinite loop if the sniffing interface temporarily goes downhttps://redmine.openinfosecfoundation.org/issues/3846?journal_id=238812022-06-29T20:28:36ZJuliana Fajardini Reichow
<ul><li><strong>Status</strong> changed from <i>In Review</i> to <i>Closed</i></li></ul><p>Merged PR: <a class="external" href="https://github.com/OISF/suricata/pull/7580">https://github.com/OISF/suricata/pull/7580</a></p> Suricata - Bug #3846: Infinite loop if the sniffing interface temporarily goes downhttps://redmine.openinfosecfoundation.org/issues/3846?journal_id=239882022-07-04T14:11:53ZJuliana Fajardini Reichow
<ul><li><strong>Label</strong> <i>Needs backport to 6.0</i> added</li></ul> Suricata - Bug #3846: Infinite loop if the sniffing interface temporarily goes downhttps://redmine.openinfosecfoundation.org/issues/3846?journal_id=239892022-07-04T14:12:27ZJuliana Fajardini Reichow
<ul><li><strong>Copied to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/5436">Bug #5436</a>: Infinite loop if the sniffing interface temporarily goes down (6.0.x backports)</i> added</li></ul>