[Oisf-devel] suricata can't be killed when there is no passing traffic

Sergey Naumov sknaumov at gmail.com
Tue Aug 23 11:55:17 UTC 2011


Hello.

I use suricata-1.0.3. I can kill it only with the -9 signal when there is
no traffic.
The log shows that the problem is in stopping the pcap thread. My investigation
shows that this thread never joins, and I think that it is because
suricata defers its reaction to SIGTERM, but uses pthread_mutex_lock and
pthread_cond_wait in RingBufferDoWait. It is better to use
pthread_cond_timedwait there.
And is it possible to implement printing statistics on some signal,
e.g. SIGUSR1? For example, I need to know at what packet rates the IDS
starts to drop packets, but I can get this info only by killing
suricata. And then if I need to perform one more test I have to wait
about 5 mins while suricata restarts.

Sergey Naumov.


