From: Alexander Gozman <a.gozman@securitycode.ru>
Date: Fri, 21 Dec 2018 16:16:29 +0000 (+0000)
Subject: nfqueue: inject fake packet on timeout
X-Git-Tag: suricata-4.1.3~39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=03af3e1ed8aacf34d44b242a507d623352dc10a8;p=thirdparty%2Fsuricata.git

nfqueue: inject fake packet on timeout

Fixes nfqueue and delayed-detect.

On systems with small amount of traffic (or with no traffic at all)
nfqueue with 'delayed-detect' enabled hanged in 'workers' mode.

Bug #2362.
---

diff --git a/src/source-nfq.c b/src/source-nfq.c
index 3680c06e45..81886f4ea3 100644
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@@ -916,6 +916,9 @@ static void NFQRecvPkt(NFQQueueVars *t, NFQThreadVars *tv)
             /* no error on timeout */
             if (flag)
                 NFQVerdictCacheFlush(t);
+
+            /* inject a fake packet on timeout */
+            TmThreadsCaptureInjectPacket(tv->tv, tv->slot, NULL);
         } else {
 #ifdef COUNTERS
             NFQMutexLock(t);