Project

General

Profile

Actions
Copy link

Bug #6024

closed

detect: reload rules now takes forever on a rather idle env after #5969

Added by tug tugtug about 1 year ago. Updated 12 months ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
6.0.11
Effort:
Difficulty:
Label:

Description

As a side effect of #5969, now the switching to the new context takes forever to complete when there isn't frequent new traffic to activate all detection threads (by setting the so_far_used_by_detect flag).

This is especially problematic when suricata is used with a receiver that doesn't support PktAcqBreakLoop.

This change causes the command to reload rules (wait_done = true) to timeout or block the caller for a long time, which essentially would result in liveness check failures.

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #6021: af-packet: reload not occurring until packets are seenClosedJason IshActions
Actions
Copy link
 #1

Updated by Jason Ish about 1 year ago

  • Related to Bug #6021: af-packet: reload not occurring until packets are seen added
Actions
Copy link
 #2

Updated by Victor Julien about 1 year ago

  • Assignee changed from Victor Julien to Jason Ish
Actions
Copy link
 #3

Updated by Victor Julien 12 months ago

  • Status changed from New to Rejected
  • Assignee deleted (Jason Ish)
  • Target version deleted (TBD)

Duplicate of #6021

Actions
Copy link

Also available in: Atom PDF