Snort mailing list archives
Re: snort 1.9.x still holds fd open on sighup
From: Jeff Nathan <jeff () snort org>
Date: Tue, 04 Mar 2003 18:58:33 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael, Thanks for the report. I'll fix this behavior in the 1.9 branch and HEAD. - -Jeff - --On Monday, March 03, 2003 17:54:48 -0500 Michael Scheidell <scheidell () secnap net> wrote:
Snort starting with I think 1.8.7, when compiled with --enable-flexresp will hold an extra fd open on sighup. I had reported this before, and am sorry for not totally tracking it down, but it still does in on snort 1.9.1 this compiled without --enable-flexresp:, hup works fine: sockstat | grep snort root snort 34180 4 dgram syslogd[76]:3 killall -HUP snort sockstat | grep snort root snort 34180 4 dgram syslogd[76]:3 looks fine, only on fd open. now, compile with --enable-flexresp. (using libnet 1.02a from fbsd ports) each hup will leave the original fd open, and open a second. start snort: sockstat | grep snort root snort 41101 10 ip64 *:* *:* root snort 41101 4 dgram syslogd[76]:3 killall -HUP snort sockstat | grep snort root snort 41124 10 ip64 *:* *:* root snort 41124 12 ip64 *:* *:* root snort 41124 4 dgram syslogd[76]:3 subsequent hup will open up additional fd's till, well, you know. -- Michael Scheidell, CEO SECNAP Network Security, LLC Sales: 866-SECNAPNET / (1-866-732-6276) Main: 561-368-9561 / www.secnap.net Looking for a career in Internet security? http://www.secnap.net/employment/ ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
- -- http://www.snort.org/~jeff (pgp key available) "Perhaps the greatest responsibility in promoting peace is that of protecting it." - - Me -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (OpenBSD) iD8DBQE+ZWfcEqr8+Gkj0/0RAox/AJ9eJsxljZAg4ztRCkoLNwMmTL4zxQCfb7Zd mfV4OQxFvgUVbB6Xc1vpjh8= =QOFI -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort 1.9.x still holds fd open on sighup Michael Scheidell (Mar 03)
- Re: snort 1.9.x still holds fd open on sighup Jeff Nathan (Mar 04)