Ok to clarify, by:
you mean that you restart Suricata by stopping it and starting it again, right?
At first, I thought by “reloading Suricata” you mean reload-rules via suricatasc.
I can reproduce the issue now by running and stopping Suricata when running with higher count of Suricata workers (e.g. I am running 18+18 cores in IPS mode with Mellanox Connect-X5 card and with mempool-size set to 1048575 elements, number of RX/TX descriptors don’t seem to play a role in reproducing the error log).
But RX/TX descriptors seem to play a role when running suricatasc in parallel to Suricata.
In my case if I have :
- 1024 descriptors:
- and I run suricatasc then the shutdown goes well
- otherwise if I don’t run suricatasc then the error appears
- 32768 descriptors:
- error appears irrespective to suricatasc
I am only curious about the other thing you wrote:
suricatasc is not repsonding and have to ctrl break it
At least in my case, the shutdown of Suricata doesn’t get stuck. If you used any - what command did you use for suricatasc? Or can you be a bit more specific about your suricatasc/log rotate configs/commands?
This needs more attention, I’m creating a Redmine ticket and I’ll try to fix it soon.