Bug #6021
closedaf-packet: reload not occurring until packets are seen
Description
With 6.0.11, rule reloads with AF_PACKET are not finishing until all threads have seen a packet.
Original subject: Unable to get message from server after update to 6.0.11 from 6.0.10
Original description:
Hi, I receive error while try to run suricatasc -c reload-rules. On Suricata 6.0.10 works fine, after update to 6.0.11 command stuck for 10 minutes and then throw this error
[root@server-ubuntu /]# suricatasc -c reload-rules
Traceback (most recent call last):
File "/usr/bin/suricatasc", line 73, in <module>
res = sc.send_command(command, arguments)
File "/usr/lib/suricata/python/suricata/sc/suricatasc.py", line 156, in send_command
raise SuricataReturnException("Unable to get message from server")
suricata.sc.suricatasc.SuricataReturnException: Unable to get message from server
[root@server-ubuntu /]#
After downgrade to 6.0.10 everything works fine
[root@server-ubuntu /]# suricatasc -c reload-rules
{"message": "done", "return": "OK"}
[root@server-ubuntu /]#
JI Updated by Jason Ish about 3 years ago
Do you have any rules?
I'm able to replicate this with 6.0.11 when I have 0 rules. A suricatasc -c reload-rules never returns until timeout later on, but with 6.0.10 it returns immediately.
However, if I have some rules to be loaded, both 6.0.11 and 6.0.10 eventually return with the rules reloaded.
JI Updated by Jason Ish about 3 years ago
Sorry, I'm wrong. It eventually does return, but takes much longer in 6.0.11 than it did in 6.0.10. Will need to investigate further.
JI Updated by Jason Ish about 3 years ago
- Subject changed from Unable to get message from server after update to 6.0.11 from 6.0.10 to af-packet: reload not occurring until packets are seen
- Description updated (diff)
- Assignee changed from OISF Dev to Jason Ish
- Target version changed from TBD to 6.0.12
- Affected Versions 7.0.0-rc1 added
- Label Needs backport to 6.0 added
JI Updated by Jason Ish about 3 years ago
- Status changed from New to In Review
JI Updated by Jason Ish about 3 years ago
- Related to Bug #6024: detect: reload rules now takes forever on a rather idle env after #5969 added
VJ Updated by Victor Julien almost 3 years ago
- Related to Bug #6027: Suricatasc encounters issues with commands involving multiple-tenant in Suricata 6.0.11, causing it to become unresponsive. added
JI Updated by Jason Ish almost 3 years ago
- Status changed from In Review to Closed
- Target version changed from 6.0.12 to 7.0.0-rc2
Merged into master.
VJ Updated by Victor Julien almost 3 years ago
- Status changed from Closed to Resolved
OT Updated by OISF Ticketbot almost 3 years ago
- Subtask #6031 added
OT Updated by OISF Ticketbot almost 3 years ago
- Label deleted (
Needs backport to 6.0)
VJ Updated by Victor Julien almost 3 years ago
- Status changed from Resolved to Closed