From: Eric Leblond <eric@regit.org>
Date: Thu, 4 Oct 2012 09:06:33 +0000 (+0200)
Subject: nfq: close the queue when leaving acquisition.
X-Git-Tag: suricata-1.4beta2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=19756488ab157fc40971fe4f264bf68eed684235;p=thirdparty%2Fsuricata.git

nfq: close the queue when leaving acquisition.

This patch adds a call to close the queue when the acquisition
loop is ending. This way the incoming packets will be accepted
during all the shutdown phase (if the queue-bypass option of
NFQUEUE is used). At the same time the currently processed packets
will be dropped but the time scale are different: suricata will
drop 20 ms of packets and the shutdown can take 0.5 seconds.

Patch based on an idea of Victor Julien.
---

diff --git a/src/source-nfq.c b/src/source-nfq.c
index ab22287e3f..373842fc96 100644
--- a/src/source-nfq.c
+++ b/src/source-nfq.c
@@ -839,6 +839,12 @@ TmEcode ReceiveNFQLoop(ThreadVars *tv, void *data, void *slot)
 
     while(1) {
         if (suricata_ctl_flags != 0) {
+            NFQMutexLock(nq);
+            if (nq->qh) {
+                nfq_destroy_queue(nq->qh);
+                nq->qh = NULL;
+            }
+            NFQMutexUnlock(nq);
             break;
         }
         NFQRecvPkt(nq, ntv);