Project

General

Custom queries

Profile

Actions
Copy link

Bug #7568

open

pcap: continuous file reading fails on an empty directory

Added by Lukas Sismis about 1 month ago. Updated 8 days ago.

Status:
Assigned
Priority:
Normal
Assignee:
Lukas Sismis
Target version:
8.0.0-rc1
Affected Versions:
7.0.2
Effort:
Difficulty:
Label:
Needs backport to 7.0

Description

If Suricata is run in a pcap directory reading mode and the directory is empty, then Suricata crashes because FM doesn't get started in time.
Reproduced by:
suricata -r /tmp/pcap/ --pcap-file-continuous -vvvv

Likely because the code in flow-manager.c gets stuck and does not proceed with FM initialization:
```
/* don't start our activities until time is setup */
while (!TimeModeIsReady()) {
if (suricata_ctl_flags != 0)
return TM_ECODE_OK;
usleep(10);
}
```

Reported in https://forum.suricata.io/t/suricata-exits-with-errors-when-running-with-r-and-pcap-file-continuous/4396/2

Related issues 1 (1 open0 closed)

Related to Suricata - Bug #7497: pcap: exit with errors when running with -r and --pcap-file-continuousNewOISF DevActions
Actions
Copy link
 #1

Updated by Lukas Sismis about 1 month ago

  • Subject changed from pcap: continuous file reading fails on empty directory to pcap: continuous file reading fails on an empty directory
Actions
Copy link
 #2

Updated by Victor Julien about 1 month ago

  • Related to Bug #7497: pcap: exit with errors when running with -r and --pcap-file-continuous added
Actions
Copy link
 #3

Updated by Lukas Sismis about 1 month ago

CI test is needed

Actions
Copy link
 #4

Updated by Lukas Sismis 8 days ago

  • Target version changed from TBD to 8.0.0-rc1
Actions
Copy link

Also available in: Atom PDF