Bug #6021
closedaf-packet: reload not occurring until packets are seen
Description
With 6.0.11, rule reloads with AF_PACKET are not finishing until all threads have seen a packet.
Original subject: Unable to get message from server after update to 6.0.11 from 6.0.10
Original description:
Hi, I receive error while try to run suricatasc -c reload-rules. On Suricata 6.0.10 works fine, after update to 6.0.11 command stuck for 10 minutes and then throw this error
[root@server-ubuntu /]# suricatasc -c reload-rules
Traceback (most recent call last):
File "/usr/bin/suricatasc", line 73, in <module>
res = sc.send_command(command, arguments)
File "/usr/lib/suricata/python/suricata/sc/suricatasc.py", line 156, in send_command
raise SuricataReturnException("Unable to get message from server")
suricata.sc.suricatasc.SuricataReturnException: Unable to get message from server
[root@server-ubuntu /]#
After downgrade to 6.0.10 everything works fine
[root@server-ubuntu /]# suricatasc -c reload-rules
{"message": "done", "return": "OK"}
[root@server-ubuntu /]#
Updated by Jason Ish about 1 year ago
Do you have any rules?
I'm able to replicate this with 6.0.11 when I have 0 rules. A suricatasc -c reload-rules never returns until timeout later on, but with 6.0.10 it returns immediately.
However, if I have some rules to be loaded, both 6.0.11 and 6.0.10 eventually return with the rules reloaded.
Updated by Jason Ish about 1 year ago
Sorry, I'm wrong. It eventually does return, but takes much longer in 6.0.11 than it did in 6.0.10. Will need to investigate further.
Updated by Jason Ish about 1 year ago
- Subject changed from Unable to get message from server after update to 6.0.11 from 6.0.10 to af-packet: reload not occurring until packets are seen
- Description updated (diff)
- Assignee changed from OISF Dev to Jason Ish
- Target version changed from TBD to 6.0.12
- Affected Versions 7.0.0-rc1 added
- Label Needs backport to 6.0 added
Updated by Jason Ish about 1 year ago
- Status changed from New to In Review
Updated by Jason Ish about 1 year ago
- Related to Bug #6024: detect: reload rules now takes forever on a rather idle env after #5969 added
Updated by Victor Julien about 1 year ago
- Related to Bug #6027: Suricatasc encounters issues with commands involving multiple-tenant in Suricata 6.0.11, causing it to become unresponsive. added
Updated by Jason Ish about 1 year ago
- Status changed from In Review to Closed
- Target version changed from 6.0.12 to 7.0.0-rc2
Merged into master.
Updated by Victor Julien about 1 year ago
- Status changed from Closed to Resolved
Updated by OISF Ticketbot about 1 year ago
- Label deleted (
Needs backport to 6.0)
Updated by Victor Julien about 1 year ago
- Status changed from Resolved to Closed