Too many open files

Question

Too many open files

strizhechenko opened this issue 7 years ago · 2 comments

https://twitter.com/strizhechenko/status/900325239678267392

if not tcp_stream:
  tcp_stream:create()
  if current_packet is not a SYN:
    tcp_stream:mark_as_corrupted()
  else:
    tcp_stream.client = current_packet.src_ip
if tcp_stream.corrupted || tcp_stream.finished:
  return
tcp_stream.dumper:new_for_current()
if current_packet.ip_src == tcp_stream.client:
  if current_packet.tcp.flags == FIN || current_packet.tcp.flags == RST:
    tcp_stream.dumper:flush()
    tcp_stream.dumper:close()
    tcp_stream:mark_as_finished()

Answer 1 · 2017-08-23T14:57:33.000Z

With #2 it now breaks at ≈13900 packets (≈1500 tcp-streams) instead of 250 streams.

Answer 2 · 2017-08-24T08:03:11.000Z

ulimit -n 8196 make you able to process ≈49000 tcp stream.