Good morning,
I have installed Suricata 6.0.3 under FreeBSD 13-p3 host from source using the following compìle options:
./configure --prefix=/opt/suricata --sysconfdir=/etc --localstatedir=/var --disable-gccmarch-native --enable-profiling --enable-profiling-locks --enable-netmap --enable-pie --enable-rust --enable-gccprotect --disable-suricata-update.
All works ok except when I try to stop suricata process:
+ echo 'kill -TERM 1015'
+ _doit='kill -TERM 1015'
+ _run_rc_doit 'kill -TERM 1015'
+ debug 'run_rc_command: doit: kill -TERM 1015'
+ eval 'kill -TERM 1015'
+ kill -TERM 1015
+ _return=0
+ [ 0 -ne 0 ]
+ return 0
+ wait_for_pids 1015
+ local _list _prefix _nlist _j
+ _list=1015
+ [ -z 1015 ]
+ _prefix=''
+ true
+ _nlist=''
+ kill -0 1015
+ _nlist=1015
+ [ -n '' ]
+ [ -z 1015 ]
+ _list=1015
+ echo -n 'Waiting for PIDS: 1015'
Waiting for PIDS: 1015+ _prefix=', '
+ pwait 1015
Suricata process never stops. I am using the following script to start/stop/restart Suricata:
#!/bin/sh
# $FreeBSD$
# PROVIDE: suricata
# REQUIRE: DAEMON
# BEFORE: LOGIN
# KEYWORD: shutdown
# Add the following lines to /etc/rc.conf to enable suricata:
# suricata_enable (bool): Set to YES to enable suricata
# Default: NO
# suricata_flags (str): Extra flags passed to suricata
# Default: -D
# suricata_interface (str): Network interface(s) to sniff
# Default: ""
# suricata_conf (str): Suricata configuration file
# Default: ${PREFIX}/etc/suricata/suricata.yaml
# suricata_divertport (int): Port to create divert socket (Inline Mode)
# Default: 8000
# suricata_netmap (str): Set to YES to enable netmap (Inline Mode)
# Default: NO
# suricata_user (str): Set the user to run suricata as
# Default: root
# suricata_pidfile (str): Pidfile to store pid of suricata process
# Default: /var/run/suricata.pid
. /etc/rc.subr
name="suricata"
rcvar=suricata_enable
start_precmd="suricata_prestart"
command="/usr/local/bin/suricata"
load_rc_config $name
[ -z "$suricata_enable" ] && suricata_enable="NO"
[ -z "$suricata_conf" ] && suricata_conf="%%PREFIX%%/etc/suricata/suricata.yaml"
[ -z "$suricata_flags" ] && suricata_flags="-D"
[ -z "$suricata_divertport" ] && suricata_divertport="8000"
[ -z "$suricata_netmap" ] && suricata_netmap="NO"
[ -z "$suricata_user" ] && suricata_user="root"
[ -z "$suricata_pidfile" ] && suricata_pidfile="/var/run/suricata.pid"
if [ -n "$suricata_interface" ]; then
for interface in $suricata_interface; do
suricata_flags="$suricata_flags --pcap=$interface"
done
elif [ "$suricata_netmap" != "NO" ]; then
suricata_flags="$suricata_flags --netmap"
else
suricata_flags="$suricata_flags -d $suricata_divertport"
info "Inline Mode on divert port $suricata_divertport (suricata_interface not defined)"
fi
pidfile=$suricata_pidfile
suricata_flags="$suricata_flags --pidfile $pidfile"
[ -n "$suricata_conf" ] && suricata_flags="$suricata_flags -c $suricata_conf"
suricata_prestart()
{
rm -f /nsm/suricata/*
if ! run_rc_command status > /dev/null; then
rm -f "$pidfile"
fi
}
run_rc_command "$1"
Some time ago, I have reported the same issue:Suricata never stops under FreeBSD 13.
Same config, compile options and start/stop script works without problem using Suricata 5.0.7. Where is the issue?
Thanks.