Project

General

Profile

Actions

Bug #6021

closed

af-packet: reload not occurring until packets are seen

Added by Pawel Wangryn over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

With 6.0.11, rule reloads with AF_PACKET are not finishing until all threads have seen a packet.

Original subject: Unable to get message from server after update to 6.0.11 from 6.0.10

Original description:

Hi, I receive error while try to run suricatasc -c reload-rules. On Suricata 6.0.10 works fine, after update to 6.0.11 command stuck for 10 minutes and then throw this error

[root@server-ubuntu /]# suricatasc -c reload-rules

Traceback (most recent call last):
  File "/usr/bin/suricatasc", line 73, in <module>
    res = sc.send_command(command, arguments)
  File "/usr/lib/suricata/python/suricata/sc/suricatasc.py", line 156, in send_command
    raise SuricataReturnException("Unable to get message from server")
suricata.sc.suricatasc.SuricataReturnException: Unable to get message from server
[root@server-ubuntu /]#

After downgrade to 6.0.10 everything works fine

[root@server-ubuntu /]# suricatasc -c reload-rules
{"message": "done", "return": "OK"}
[root@server-ubuntu /]#

Subtasks 1 (0 open1 closed)

Bug #6031: af-packet: reload not occurring until packets are seen (6.0.x backport)ClosedJason IshActions

Related issues 2 (0 open2 closed)

Related to Suricata - Bug #6024: detect: reload rules now takes forever on a rather idle env after #5969RejectedActions
Related to Suricata - Bug #6027: Suricatasc encounters issues with commands involving multiple-tenant in Suricata 6.0.11, causing it to become unresponsive.RejectedActions
Actions #1

Updated by Jason Ish over 1 year ago

Do you have any rules?

I'm able to replicate this with 6.0.11 when I have 0 rules. A suricatasc -c reload-rules never returns until timeout later on, but with 6.0.10 it returns immediately.

However, if I have some rules to be loaded, both 6.0.11 and 6.0.10 eventually return with the rules reloaded.

Actions #2

Updated by Jason Ish over 1 year ago

Sorry, I'm wrong. It eventually does return, but takes much longer in 6.0.11 than it did in 6.0.10. Will need to investigate further.

Actions #3

Updated by Jason Ish over 1 year ago

  • Subject changed from Unable to get message from server after update to 6.0.11 from 6.0.10 to af-packet: reload not occurring until packets are seen
  • Description updated (diff)
  • Assignee changed from OISF Dev to Jason Ish
  • Target version changed from TBD to 6.0.12
  • Affected Versions 7.0.0-rc1 added
  • Label Needs backport to 6.0 added
Actions #4

Updated by Jason Ish over 1 year ago

  • Status changed from New to In Review
Actions #5

Updated by Jason Ish over 1 year ago

  • Related to Bug #6024: detect: reload rules now takes forever on a rather idle env after #5969 added
Actions #6

Updated by Victor Julien over 1 year ago

  • Related to Bug #6027: Suricatasc encounters issues with commands involving multiple-tenant in Suricata 6.0.11, causing it to become unresponsive. added
Actions #7

Updated by Jason Ish over 1 year ago

  • Status changed from In Review to Closed
  • Target version changed from 6.0.12 to 7.0.0-rc2

Merged into master.

Actions #8

Updated by Victor Julien over 1 year ago

  • Status changed from Closed to Resolved
Actions #9

Updated by OISF Ticketbot over 1 year ago

  • Subtask #6031 added
Actions #10

Updated by OISF Ticketbot over 1 year ago

  • Label deleted (Needs backport to 6.0)
Actions #11

Updated by Victor Julien over 1 year ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF