Actions
Bug #537
closedIPS mode sometimes doesn't shutdown
Affected Versions:
Effort:
Difficulty:
Label:
Description
My IPS sometimes hangs at shutdown. NFQ + autofp runmode.
Updated by Victor Julien over 11 years ago
Main thread hangs in:
void TmThreadKillThread(ThreadVars *tv)
{
int i = 0;
if (tv == NULL)
return;
if (tv->inq != NULL) {
/* we wait till we dry out all the inq packets, before we
* kill this thread. Do note that you should have disabled
* packet acquire by now using TmThreadDisableReceiveThreads()*/
if (!(strlen(tv->inq->name) == strlen("packetpool") &&
strcasecmp(tv->inq->name, "packetpool") == 0)) {
PacketQueue *q = &trans_q[tv->inq->id];
while (q->len != 0) {
usleep(1000);
}
}
}
Thread being killed hangs in:
(gdb) thr 7 [Switching to thread 7 (Thread 0xb6a7db70 (LWP 10214))]#0 0x0057a422 in __kernel_vsyscall () (gdb) bt #0 0x0057a422 in __kernel_vsyscall () #1 0x00c30936 in nanosleep () at ../sysdeps/unix/syscall-template.S:82 #2 0x00c6038c in usleep (useconds=100) at ../sysdeps/unix/sysv/linux/usleep.c:33 #3 0x081e2799 in TmThreadWaitForFlag (tv=0xa0eda08, flags=64 '@') at tm-threads.c:1869 #4 0x081def47 in TmThreadsSlotVar (td=0xa0eda08) at tm-threads.c:798 #5 0x00e0996e in start_thread (arg=0xb6a7db70) at pthread_create.c:300 #6 0x00c6698e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130 (gdb) f 4 #4 0x081def47 in TmThreadsSlotVar (td=0xa0eda08) at tm-threads.c:798 798 TmThreadWaitForFlag(tv, THV_DEINIT); (gdb) print tv->name $6 = 0xa0ed9f8 "Detect1"
Updated by Victor Julien over 11 years ago
In the queue for "Detect1" (trans_q [ 0 ]) we have 1 packet, a PKT_PSEUDO_STREAM_END packet. I've not yet figured out how it may have ended up there. Since delay_detect == 1 the following shut down has already happened:
/* First we need to kill the flow manager thread */
FlowKillFlowManagerThread();
/* Disable packet acquire thread first */
TmThreadDisableThreadsWithTMS(TM_FLAG_RECEIVE_TM | TM_FLAG_DECODE_TM);
FlowForceReassembly();
/* Disable detect threads first. This is required by live rule swap */
TmThreadDisableThreadsWithTMS(TM_FLAG_RECEIVE_TM | TM_FLAG_DECODE_TM |
TM_FLAG_STREAM_TM | TM_FLAG_DETECT_TM);
Any ideas?
Updated by Victor Julien over 11 years ago
- Assignee changed from Victor Julien to Anoop Saldanha
- Target version changed from 1.4beta1 to 1.4beta2
Updated by Victor Julien over 11 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Fixed/worked around for https://github.com/inliniac/suricata/pull/120
Thanks for the analysis and fix Anoop and Eric!
Actions