Snort mailing list archives

snort 1.87beta5 still holds some fds on HUP

From: "Michael Scheidell" <scheidell () secnap net>
Date: Tue, 28 May 2002 08:33:45 -0400

Thanks for finding that bpf problem on FREEBSD/*BSD where a hup would keep
the bpf's open till there were none available.

Have a similar problem.
FBSD 4.5, snort 1.8.7beta5

Checking to see if bpf's held open on hup (fixed thanks) but the bpf FILTER
file is not closed:
(killall -HUP on FBSD does a pkill snort, and sends a HUP to snort)

scanner# lsof | grep bpf
snort     13132      root    3r  VREG 116,262149         19  476837
/usr/local/share/snort/snort.bpf
snort     13132      root    4r  VCHR       23,0 0t34803126    7187
/dev/bpf0
scanner# killall -HUP snort
scanner# lsof | grep bpf
snort     13132      root    3r  VREG 116,262149         19  476837
/usr/local/share/snort/snort.bpf
snort     13132      root    4r  VREG 116,262149         19  476837
/usr/local/share/snort/snort.bpf
snort     13132      root    5r  VCHR       23,0    0t10890    7187
/dev/bpf0

snort started thus:
/usr/local/bin/snort -doDI -m 022 -z \
-F /usr/local/share/snort/snort.bpf \
-c /usr/local/etc/snort.conf -i rl0 -l /var/log/snort

--
Michael Scheidell
SECNAP Network Security, LLC
(561) 368-9561 scheidell () secnap net
http://www.secnap.net


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort 1.87beta5 still holds some fds on HUP Michael Scheidell (May 28)