Project

General

Profile

Actions
Copy link

Bug #5445

open

RX thread hang in pcap-file mode

Added by jun liu almost 2 years ago. Updated almost 2 years ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Affected Versions:
6.0.1
Effort:
Difficulty:
Label:

Description

Based on suricata 6.0.1 RX thread sometimes hang, so RX can't read pcap file.
Other people have been referred to the same problem:
(1) https://redmine.openinfosecfoundation.org/issues/3049
(2) https://redmine.openinfosecfoundation.org/issues/3075
While reading pcap file, function PcapFileDispatch try to call PacketPoolWait,
PacketPoolWait may hang on "SCCondWait(&my_pool->return_stack.cond, &my_pool->return_stack.mutex);".
It seems nobody sends Signal to it.

Files

2022-07-07-Emotet-infection-with-Cobalt-Strike.pcap (9.43 MB) 2022-07-07-Emotet-infection-with-Cobalt-Strike.pcap jun liu, 07/19/2022 02:23 AM

Related issues 1 (1 open0 closed)

Related to Suricata - Bug #3075: RX thread hang in pcap-file modeNewOISF DevActions
Actions
Copy link
 #1

Updated by jun liu almost 2 years ago

  • File 2022-07-07-Emotet-infection-with-Cobalt-Strike.pcap added
Actions
Copy link
 #2

Updated by jun liu almost 2 years ago

  • File deleted (2022-07-07-Emotet-infection-with-Cobalt-Strike.pcap)
Actions
Copy link
 #3

Updated by Victor Julien 12 months ago

  • Related to Bug #3075: RX thread hang in pcap-file mode added
Actions
Copy link

Also available in: Atom PDF