snort3-261: snort can not stop on QUIT and TERM in NFQ mode.

[Meridoff via Snort-devel <snort-devel () lists snort org>]

Hello, i run snort3 build 261 with nfq

Config concerning to daq :
*ips.mode="tap"*
*daq = { module_dirs = { "/usr/lib/daq" } }*
*daq.inputs = {'1'}   --my queue ID*
*daq.modules = { { name = 'nfq', mode='passive' } }*

When I try to kill snort I see in log:

*Oct  9 11:36:32 xxx snort[25483]:
--------------------------------------------------*
*Oct  9 11:36:32 xxx snort[25483]: nfq DAQ configured to passive.*
*Oct  9 11:36:32 xxx snort[25483]: initializing daemon mode*
*Oct  9 11:36:32 xxx snort[25483]: child process is 25484*
*Oct  9 11:36:32 xxx snort[25484]: Commencing packet processing*
*Oct  9 11:36:32 xxx snort[25484]: ++ [0] 1*
*Oct  9 11:36:32 xxx snort[25484]: Writing PID "25484" to file
"/var/run/snort.pid"*
*Oct  9 11:36:32 xxx snort[25484]: Chroot directory = /*
*Oct  9 11:38:02 xxx snort[25484]: ** caught term signal*
*Oct  9 11:38:02 xxx snort[25484]: == stopping*
*Oct  9 11:38:31 xxx snort[25484]: ** caught quit signal*
*Oct  9 11:38:31 xxx snort[25484]: == stopping*

And process remains running..
As I know* --dirty-pig* mode is ON when killing by QUIT, but even this
can'not help.

I even tried to not configure nfq in iptables . With iptables configured
for nfq - the same situation..

Is it dungerous to use *always exit_pronto = true *in sources? So quick
exit without cleanup can be done..

exit_pronto settled to false after some part of initialization done. May do
no set it to false for avalibilty of quick exist ?

Thanks.

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!