Snort mailing list archives

snort 1.9.x still holds fd open on sighup


From: Michael Scheidell <scheidell () secnap net>
Date: Mon, 3 Mar 2003 17:54:48 -0500 (EST)

Snort starting with I think 1.8.7, when compiled with --enable-flexresp
will hold an extra fd open on sighup.

I had reported this before, and am sorry for not totally tracking it
down, but it still does it on snort 1.9.1

this compiled without --enable-flexresp, hup works fine:

sockstat | grep snort
root     snort    34180    4 dgram  syslogd[76]:3
killall -HUP snort
sockstat | grep snort
root     snort    34180    4 dgram  syslogd[76]:3

looks fine, only one fd open.

now, compile with --enable-flexresp. (using libnet 1.02a from fbsd ports)
each hup will leave the original fd open, and open a second.
start snort:
sockstat | grep snort
root     snort    41101   10 ip64   *:*                   *:*
root     snort    41101    4 dgram  syslogd[76]:3

killall -HUP snort
sockstat | grep snort

root     snort    41124   10 ip64   *:*                   *:*
root     snort    41124   12 ip64   *:*                   *:*
root     snort    41124    4 dgram  syslogd[76]:3

subsequent hup will open up additional fd's till, well, you know.

-- 
Michael Scheidell, CEO
SECNAP Network Security, LLC 
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/
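
[Added example, not part of the original message or of Snort: a small sh check that compares two `sockstat | grep snort` snapshots, taken before and after a HUP, and reports descriptors that appeared. The function names are hypothetical; the sample snapshots are copied from the flexresp output in the message above.]

```sh
#!/bin/sh
# Added example: detect descriptor growth across a SIGHUP from two
# sockstat snapshots. Assumes FreeBSD sockstat column order:
# USER COMMAND PID FD PROTO ...

# Print the FD numbers (column 4) held by a command (column 2), sorted.
fds_of() {    # $1 = command name, stdin = sockstat output
    awk -v cmd="$1" '$2 == cmd && $4 ~ /^[0-9]+$/ { print $4 }' | sort -n
}

# Print FDs present in the "after" snapshot but absent from "before".
new_fds() {   # $1 = command, $2 = before text, $3 = after text
    before=$(printf '%s\n' "$2" | fds_of "$1")
    printf '%s\n' "$3" | fds_of "$1" | while read -r fd; do
        printf '%s\n' "$before" | grep -qx "$fd" || printf '%s\n' "$fd"
    done
}

# Print (after count - before count); a positive value on every HUP
# means descriptors are accumulating.
fd_growth() { # same arguments as new_fds
    b=$(printf '%s\n' "$2" | fds_of "$1" | wc -l)
    a=$(printf '%s\n' "$3" | fds_of "$1" | wc -l)
    echo $((a - b))
}

# Snapshots from the message above (build with --enable-flexresp).
BEFORE='root     snort    41101   10 ip64   *:*                   *:*
root     snort    41101    4 dgram  syslogd[76]:3'
AFTER='root     snort    41124   10 ip64   *:*                   *:*
root     snort    41124   12 ip64   *:*                   *:*
root     snort    41124    4 dgram  syslogd[76]:3'

echo "new fds after HUP: $(new_fds snort "$BEFORE" "$AFTER")"
echo "fd growth:         $(fd_growth snort "$BEFORE" "$AFTER")"
```

[On a live host the two arguments would be captured with `sockstat | grep snort` before and after `killall -HUP snort`, as in the message.]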

