Bug #7376
open
dpdk: delayed detect won't fully start Suricata until the first traffic
Added by Lukas Sismis 4 months ago.
Updated 19 days ago.
Description
With delayed detect a rule reload starts but you will never see the rule reload complete until you actually forward traffic
- Label deleted (
Needs backport to 7.0)
- Status changed from New to Assigned
Trying to reproduce with:
make -j10 && && sudo ./src/suricata -c suricata.yaml.mlx5.4thr -S rules/emerging-all.rules -l /tmp/ --dpdk -vvvv
On the MLX5 card and with delayed-detect enabled, it seems to behave correctly - rules are loaded and Suricata starts successfully.
Edit: also tested without the "-S" runtime option, specified ruleset files in the config and rule reload over the UNIX socket. All seems to start fine.
Also available in: Atom
PDF