[Oisf-users] SIGHUP handler?

Victor Julien lists at inliniac.net
Mon Jul 22 08:24:28 UTC 2013 

(Keeping this on the list.)

On 07/20/2013 10:49 AM, Darren Spruell wrote:
> On Fri, Jul 19, 2013 at 3:26 AM, Victor Julien <lists at inliniac.net
> <mailto:lists at inliniac.net>> wrote:
> 
>     On 07/19/2013 08:33 AM, Darren Spruell wrote:
>     > Hi,
>     >
>     > Suricata 1.4.1 RELEASE
>     > OpenBSD 5.3 i386
>     >
>     > Picked up on live rule reloads with USR2 signal. Wondered if Suricata
>     > currently supports any kind of restart/reload behavior with HUP?
>     If I'm
>     > not mistaken, sending SIGHUP on my system causes daemon to exit
>     silently
>     > (no output to logs, process goes away).
>     >
>     > I'm chewing on handling of reload action in OpenBSD's rc.d(8) daemon
>     > control scripts. The system assumes that daemons either handle a
>     reload
>     > action when they receive a SIGHUP (i.e. reload config) or have the
>     > reload action disabled if SIGHUP is not used for reload (i.e.
>     > daemon_reload=NO). Would handling HUP to reload config and ruleset be
>     > sensible in Suricata as with some other programs?
> 
>     Sounds like you're hitting a bug. Can you upgrade to 1.4.4 and check if
>     it still happens there?
> 
> 
> Upgraded to 1.4.4 release and appears to be same behavior.
> 
> OpenBSD 5.3 i386
> Suricata 1.4.4 RELEASE
>  ./configure --sysconfdir=/etc --localstatedir=/var --enable-gccprotect
> make
> make install
> make install-full
> 
> $ ps auxwww |grep suri
> root     31100  6.0  3.5 53960 27592 ??  Rs     1:33AM    0:17.76
> /usr/local/bin/suricata -c /etc/suricata/suricata.yaml -i trunk0 -D
> dspruell 17659  0.0  0.1   268   764 p1  S+     1:37AM    0:00.01 grep suri
> root     10310  0.0  0.3  1080  2236 p7  T      1:14AM    0:01.09 vi
> /etc/suricata/suricata.yaml
> dspruell 10532  0.0  0.1   320   772 p7  I+     1:35AM    0:00.01 grep
> suricata
> $ sudo kill -HUP 31100
> $ ps auxwww |grep suri
> root     10310  0.0  0.3  1080  2236 p7  T      1:14AM    0:01.09 vi
> /etc/suricata/suricata.yaml
> dspruell 10532  0.0  0.1   320   772 p7  I+     1:35AM    0:00.01 grep
> suricata
> 
> No output to log (syslog) observed when this occurs. However the console
> output shows a 'Hangup' and the program exits with status code 129.
> 
> # When SIGUSR2 sent:
> 20/7/2013 -- 01:43:40 - <Info> - Live rule reload not enabled in config.
> # When SIGHUP sent:
> Hangup
> 
> $ echo $?
> 129
> 

It actually looks like we don't handle HUP at all. The HUP signal
handler code is commented out.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

More information about the Oisf-users mailing list