Snort mailing list archives

Re: snort 1.9.x still holds fd open on sighup

From: Jeff Nathan <jeff () snort org>
Date: Tue, 04 Mar 2003 18:58:33 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael,

Thanks for the report.

I'll fix this behavior in the 1.9 branch and HEAD.

- -Jeff

- --On Monday, March 03, 2003 17:54:48 -0500 Michael Scheidell 
<scheidell () secnap net> wrote:

Snort starting with I think 1.8.7, when compiled with --enable-flexresp
will hold an extra fd open on sighup.

I had reported this before, and am sorry for not totally tracking it
down, but it still does in on snort 1.9.1

this compiled without --enable-flexresp:, hup works fine:

sockstat | grep snort
root     snort    34180    4 dgram  syslogd[76]:3
killall -HUP snort
sockstat | grep snort
root     snort    34180    4 dgram  syslogd[76]:3

looks fine, only on fd open.

now, compile with --enable-flexresp. (using libnet 1.02a from fbsd ports)
each hup will leave the original fd open, and open a second.
start snort:
sockstat | grep snort
root     snort    41101   10 ip64   *:*                   *:*
root     snort    41101    4 dgram  syslogd[76]:3

killall -HUP snort
sockstat | grep snort

root     snort    41124   10 ip64   *:*                   *:*
root     snort    41124   12 ip64   *:*                   *:*
root     snort    41124    4 dgram  syslogd[76]:3

subsequent hup will open up additional fd's till, well, you know.

--
Michael Scheidell, CEO
SECNAP Network Security, LLC
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The
debugger  for complex code. Debugging C/C++ programs can leave you
feeling lost and  disoriented. TotalView can help you find your way.
Available on major UNIX  and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



- --
http://www.snort.org/~jeff       (pgp key available)
"Perhaps the greatest responsibility in promoting peace is that of
protecting it."
- - Me
    
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)

iD8DBQE+ZWfcEqr8+Gkj0/0RAox/AJ9eJsxljZAg4ztRCkoLNwMmTL4zxQCfb7Zd
mfV4OQxFvgUVbB6Xc1vpjh8=
=QOFI
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort 1.9.x still holds fd open on sighup Michael Scheidell (Mar 03)
- Re: snort 1.9.x still holds fd open on sighup Jeff Nathan (Mar 04)