Bug #1539
Updated by Victor Julien over 8 years ago
We are running Suriata2.1beta4 (with lua rules) on Centos 6.6. Each time a live reload (kill -USR2 $pid) is performed, the number of file handles increases by about 200. After the max file size for the process is reached, Suricata stops alerting but does not crash; and the following is logged: <pre> ... [43126] 1/9/2015 -- 22:35:57 - (detect-lua.c:676) <Error> (DetectLuaThreadInit) -- [ERRCODE: SC_ERR_LUA_ERROR(212)] - couldn't load file: cannot open <file>.lua: Too many open files [43126] 1/9/2015 -- 22:35:57 - (detect-engine.c:1236) <Error> (DetectEngineThreadCtxInitKeywords) -- [ERRCODE: SC_ERR_DETECT_PREPARE(173)] - setting up thread local detect ctx for keyword "luajit" failed ... [43129] 1/9/2015 -- 22:36:17 - (respond-reject-libnet11.c:95) <Error> (RejectSendLibnet11L3IPv4TCP) -- [ERRCODE: SC_ERR_LIBNET_INIT(144)] - libnet_init failed: libnet_open_raw4(): SOCK_RAW allocation failed: Too many open files ... </pre>