Bug #2362

Updated by Victor Julien over 6 years ago

If you run the IPS mode with NFQUEUE (with --queue-balance) and the workers mode, the rule reload with SIGUSR2 might not succeed:

In *detect-engine.c*, packets are injected in every thread to swap to the new ruleset, but this won't happen in runmode workers since there are now no incoming queues *inq*. We then wait for every thread to receive the new rules, which could take ages on systems with a small amount of traffic since the queue balance from NFQUEUE is not perfectly distributed.

One workaround is to inject packets with iptables, but the proper solution would be to inject those within the runmode. Any suggestions on how to approach this issue?