[Oisf-users] Number of handles used by suricata
Victor Julien
lists at inliniac.net
Tue Dec 5 18:19:03 UTC 2017
On 05-12-17 19:07, Ruslan Usmanov wrote:
> Is number of open handles by suricata is an area of concern?
>
> I noticed when suricata is running with default configuration (max-frags
> = 65535 with prealloc, flow hash_size = 65536), the process keeps open
> 220,000 handles.
>
> By bringing down number of these items, we can save up to 200k handles
> on the system. I understand the reason is because each defrag and flow
> requires its own mutex and handle.
>
> What are you doing - just ignore the number of open handles, or using
> lower values, and what are recommended number of defrags/flows, having
> in mind we still want to keep system protected?
I've really only seen this to be an issue on windows (cygwin). In linux
a mutex isn't really a handle with the OS.
For Windows I do have a test branch that uses a pools of mutexes instead
of a mutex per object. Could revive that if there is interest.
What OS are you on?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list