Suricatasc reload-tenant to suricata segmentation fault suricata

Please include the following information with your help request:

  • Suricata version: 6.0.5
  • Operating system and/or Linux distribution: ubuntu 18.04
  • How you installed Suricata (from source, packages, something else): sudo apt install suricata

Hi, my second reload-tenant will crash, as shown

image

multi-detect.yaml


%YAML 1.1
---

multi-detect:
  enabled: yes
  #selector: direct # direct or vlan
  selector: device
  loaders: 3

  tenants:
  - id: 1
    yaml: /etc/suricata/tenant-1.yaml
  - id: 2
    yaml: /etc/suricata/tenant-2.yaml
  - id: 3
    yaml: /etc/suricata/tenant-3.yaml

  mappings:
  - device: enp2s0
    tenant-id: 1
  - device: enp3s0
    tenant-id: 2
  - device: enp4s0
    tenant-id: 3

tenant-2.yaml

%YAML 1.1
---

# Set the default rule path here to search for the files.
# if not set, it will look at the current working dir
default-rule-path: /etc/suricata/rules

rule-files:
- tenant-2.rules

tenant-2.rules

alert tcp any any -> any any (msg:"jankincai"; flow:to_server,established; content:"cd"; content:"ab"; within:2; sid:165535; rev:1;)

Hi,

please update to 6.0.15 (the latest 6.0.x) and see if it is still the case, there have been a lot of fixes.

Hi,

I have tried version 6.0.15 without this problem, thank you. However, I found another problem. The suricatasc command was blocked when one of the af-packet NICs was down. The previous normal command indicates that all network ports are in up state.

You need to make sure the interface is up, otherwise it’s obvious that it won’t work.
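
A pre-flight check for the situation in the last two posts, as an added example that is not part of the original thread and not Suricata's own code: it reads the device-to-tenant mappings from a multi-detect.yaml and reports every mapped interface whose kernel operstate is not `up`. The function names and the `sysfs_root` parameter are assumptions made for this illustration, and the sample config is constructed from the one posted above.

```python
import os
import re
import tempfile

# Constructed sample: trimmed from the multi-detect.yaml posted in this thread.
SAMPLE_MULTI_DETECT = """\
multi-detect:
  enabled: yes
  selector: device
  mappings:
  - device: enp2s0
    tenant-id: 1
  - device: enp3s0
    tenant-id: 2
  - device: enp4s0
    tenant-id: 3
"""

def parse_device_mappings(yaml_text):
    """Return {device: tenant_id} from the 'device:' / 'tenant-id:' pairs."""
    pairs = re.findall(r"-\s*device:\s*(\S+)[ \t]*\n\s*tenant-id:\s*(\d+)", yaml_text)
    return {dev: int(tid) for dev, tid in pairs}

def interface_state(device, sysfs_root="/sys/class/net"):
    """Kernel operstate of a device ('up', 'down', ...), or 'missing'."""
    try:
        with open(os.path.join(sysfs_root, device, "operstate")) as fh:
            return fh.read().strip()
    except OSError:
        return "missing"

def tenants_not_ready(yaml_text, sysfs_root="/sys/class/net"):
    """Return {tenant_id: (device, state)} for mapped devices that are not 'up'.
    Some virtual devices report 'unknown' while working; physical NICs do not."""
    blocked = {}
    for dev, tid in parse_device_mappings(yaml_text).items():
        state = interface_state(dev, sysfs_root)
        if state != "up":
            blocked[tid] = (dev, state)
    return blocked

if __name__ == "__main__":
    # Constructed fake sysfs tree: enp3s0 is down, enp4s0 does not exist.
    with tempfile.TemporaryDirectory() as root:
        for dev, state in (("enp2s0", "up"), ("enp3s0", "down")):
            os.makedirs(os.path.join(root, dev))
            with open(os.path.join(root, dev, "operstate"), "w") as fh:
                fh.write(state + "\n")
        print(tenants_not_ready(SAMPLE_MULTI_DETECT, root))
```

On a live sensor, call `tenants_not_ready()` with the real file contents and the default `sysfs_root`, so a down interface is noticed before suricatasc is used.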