Bug #7568
closedpcap: continuous file reading fails on an empty directory
Description
If Suricata is run in a pcap directory reading mode and the directory is empty, then Suricata crashes because FM doesn't get started in time.
Reproduced by:suricata -r /tmp/pcap/ --pcap-file-continuous -vvvv
Likely because the code in flow-manager.c gets stuck and does not proceed with FM initialization:
```
/* don't start our activities until time is setup */
while (!TimeModeIsReady()) {
if (suricata_ctl_flags != 0)
return TM_ECODE_OK;
usleep(10);
}
```
Reported in https://forum.suricata.io/t/suricata-exits-with-errors-when-running-with-r-and-pcap-file-continuous/4396/2
LS Updated by Lukas Sismis about 1 year ago
- Subject changed from pcap: continuous file reading fails on empty directory to pcap: continuous file reading fails on an empty directory
VJ Updated by Victor Julien about 1 year ago
- Related to Bug #7497: pcap: exit with errors when running with -r and --pcap-file-continuous added
LS Updated by Lukas Sismis about 1 year ago
CI test is needed
LS Updated by Lukas Sismis about 1 year ago
- Target version changed from TBD to 8.0.0-rc1
OT Updated by OISF Ticketbot 12 months ago
- Subtask #7661 added
OT Updated by OISF Ticketbot 12 months ago
- Label deleted (
Needs backport to 7.0)
LS Updated by Lukas Sismis 11 months ago ยท Edited
- Status changed from Assigned to In Progress
The actual problem was fixed in the PR below, I need to add Github CI tests.
https://github.com/OISF/suricata/pull/13277
LS Updated by Lukas Sismis 10 months ago
- Status changed from In Progress to Resolved
Setting to resolved, tests are ticketted in https://redmine.openinfosecfoundation.org/issues/7739
LS Updated by Lukas Sismis 10 months ago
- Status changed from Resolved to Closed