Project

General

Profile

Actions
Copy link

Bug #6021

closed

af-packet: reload not occurring until packets are seen

Added by Pawel Wangryn about 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Jason Ish
Target version:
7.0.0-rc2
Affected Versions:
7.0.0-rc1, 6.0.11
Effort:
Difficulty:
Label:

Description

With 6.0.11, rule reloads with AF_PACKET are not finishing until all threads have seen a packet.

Original subject: Unable to get message from server after update to 6.0.11 from 6.0.10

Original description:

Hi, I receive error while try to run suricatasc -c reload-rules. On Suricata 6.0.10 works fine, after update to 6.0.11 command stuck for 10 minutes and then throw this error

[root@server-ubuntu /]# suricatasc -c reload-rules

Traceback (most recent call last):
  File "/usr/bin/suricatasc", line 73, in <module>
    res = sc.send_command(command, arguments)
  File "/usr/lib/suricata/python/suricata/sc/suricatasc.py", line 156, in send_command
    raise SuricataReturnException("Unable to get message from server")
suricata.sc.suricatasc.SuricataReturnException: Unable to get message from server
[root@server-ubuntu /]#

After downgrade to 6.0.10 everything works fine

[root@server-ubuntu /]# suricatasc -c reload-rules
{"message": "done", "return": "OK"}
[root@server-ubuntu /]#

Subtasks 1 (0 open1 closed)

Bug #6031: af-packet: reload not occurring until packets are seen (6.0.x backport)ClosedJason IshActions

Related issues 2 (0 open2 closed)

Related to Suricata - Bug #6024: detect: reload rules now takes forever on a rather idle env after #5969RejectedActions
Related to Suricata - Bug #6027: Suricatasc encounters issues with commands involving multiple-tenant in Suricata 6.0.11, causing it to become unresponsive.RejectedActions
Actions
Copy link

Also available in: Atom PDF