[Oisf-devel] surikata can't be killed when there is no passing traffic
Eric Leblond
eric at regit.org
Tue Aug 30 14:45:14 UTC 2011
Hello,
On Tue, 2011-08-23 at 15:55 +0400, Sergey Naumov wrote:
> Hello.
>
> I use suricata-1.0.3. I can kill it only with -9 signal when there is
> no traffic.
> Log shows, that problem is in stopping pcap thread. My investigation
> shows that this thread never joins and I think that it is because
> surikata defers reaction on sigterm, but uses pthread_mutex_lock and
> pthread_cond_wait in RingBufferDoWait. It is better to use
> pthread_cond_timedwait there.
You may be facing this bug:
https://redmine.openinfosecfoundation.org/issues/3
which is in fact a libpcap 0.9.x bug.
I will investigate if this is not the case.
> And is it possible to implement printing a statistic on some signal,
> ex SIGUSR1? For example, I need to know on what packet rates IDS
> starts to drop packets, but I can get this info only by killing
> suricata. And then if I need to perform one more test I have to wait
> about 5 mins while suricata restarts.
Interesting point, you should post a feature request on the redmine.
BR
--
Eric Leblond
Blog: http://home.regit.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20110830/9ff9f599/attachment.sig>
More information about the Oisf-devel
mailing list