Project

General

Profile

Actions
Copy link

Bug #7376

open

dpdk: delayed detect won't fully start Suricata until the first traffic

Added by Lukas Sismis 4 months ago. Updated 18 days ago.

Status:
Assigned
Priority:
Normal
Assignee:
Lukas Sismis
Target version:
8.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

With delayed detect a rule reload starts but you will never see the rule reload complete until you actually forward traffic

Subtasks 1 (1 open0 closed)

Bug #7377: dpdk: delayed detect won't fully start Suricata until the first traffic (7.0.x backport)AssignedLukas SismisActions
Actions
Copy link
 #1

Updated by OISF Ticketbot 4 months ago

  • Subtask #7377 added
Actions
Copy link
 #2

Updated by OISF Ticketbot 4 months ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #3

Updated by Lukas Sismis 19 days ago

  • Status changed from New to Assigned
Actions
Copy link
 #4

Updated by Lukas Sismis 18 days ago ยท Edited

Trying to reproduce with:
make -j10 && && sudo ./src/suricata -c suricata.yaml.mlx5.4thr -S rules/emerging-all.rules -l /tmp/ --dpdk -vvvv

On the MLX5 card and with delayed-detect enabled, it seems to behave correctly - rules are loaded and Suricata starts successfully.

Edit: also tested without the "-S" runtime option, specified ruleset files in the config and rule reload over the UNIX socket. All seems to start fine.

Actions
Copy link

Also available in: Atom PDF