[Wireshark-bugs] [Bug 13597] Adding or removing columns causes scrollbar havoc.

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13597

Dylan  changed:

              What|Removed                     |Added
----------------------------------------------------------------------------
    Ever confirmed|0                           |1
            Status|UNCONFIRMED                 |CONFIRMED

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #8 from Gerrit Code Review  ---
Change 36582 had a related patch set uploaded by Guy Harris:
Maintain cf->state, because file cleanup depends on it.

https://code.wireshark.org/review/36582


[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

Guy Harris  changed:

              What|Removed                     |Added
----------------------------------------------------------------------------
            Status|CONFIRMED                   |RESOLVED
        Resolution|---                         |FIXED

--- Comment #10 from Guy Harris  ---
Checked into the master, 3.2, and 3.0 branches, so it should be in the next
3.2.x and 3.0.x releases.


[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #9 from Gerrit Code Review  ---
Change 36582 merged by Guy Harris:
Maintain cf->state, because file cleanup depends on it.

https://code.wireshark.org/review/36582


[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #7 from Gerrit Code Review  ---
Change 36581 merged by Guy Harris:
Maintain cf->state, because file cleanup depends on it.

https://code.wireshark.org/review/36581


[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #5 from Gerrit Code Review  ---
Change 36580 merged by Guy Harris:
Maintain cf->state, because file cleanup depends on it.

https://code.wireshark.org/review/36580


[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #6 from Gerrit Code Review  ---
Change 36581 had a related patch set uploaded by Guy Harris:
Maintain cf->state, because file cleanup depends on it.

https://code.wireshark.org/review/36581


[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #4 from Gerrit Code Review  ---
Change 36580 had a related patch set uploaded by Guy Harris:
Maintain cf->state, because file cleanup depends on it.

https://code.wireshark.org/review/36580


[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

Guy Harris  changed:

              What|Removed                     |Added
----------------------------------------------------------------------------
    Ever confirmed|0                           |1
            Status|UNCONFIRMED                 |CONFIRMED
          Hardware|x86-64                      |All
                OS|SuSE                        |All

--- Comment #3 from Guy Harris  ---
Reproduced on macOS 10.15.4 with 3.2.2 (v3.2.2-0-ga3efece3d640) and

tshark -i en0 -T ek -b duration:60 -w /tmp/gonein60seconds.pcapng >/dev/null

It has to produce *some* text output, otherwise it doesn't even bother opening
the files to which dumpcap is writing.  -T text would probably work as well.


[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #2 from Guy Harris  ---
(In reply to fabian from comment #0)
> I can see, that tshark is still pointing to the captured files which were
> moved by the other service:

Yes, TShark simply should not have to have anywhere near 1024 files open; this
is a file descriptor leak.


[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #10 from Peter Wu  ---
You could try to diff the full build logs for both builds, perhaps it is a bug
in the compiler or one of the other Ubuntu packages?

@Mikael it may be worth setting WIRESHARK_CONFIG_DIR=/x or HOME=/x before
running valgrind. This ensures that the test is executed with an empty
configuration profile. That may or may not have side-effects that affect the
result.


[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #9 from Dario Lombardo  ---
(In reply to Mikael Kanstrup from comment #8)
> Not sure if you saw already but first I didn't. In the failing log there are
> a bunch of tests failing. Most of them are decryption tests but there are
> other failing tests too.
> 
> == 33 failed, 517 passed, 20 skipped, 6 warnings in 87.60s (0:01:27)
> ===

I checked and they all come from decryption suite.


[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #8 from Mikael Kanstrup  ---
Not sure if you saw already but first I didn't. In the failing log there are a
bunch of tests failing. Most of them are decryption tests but there are other
failing tests too.

== 33 failed, 517 passed, 20 skipped, 6 warnings in 87.60s (0:01:27)
===


[Wireshark-bugs] [Bug 16455] IPv6 Extension Headers not highlighted in Packet Byte Pane

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16455

--- Comment #8 from Jaap Keuter  ---
(In reply to leut...@netsniffing.ch from comment #6)
> B.t.w. If you select frame one in the enclosed file, the highlight works
> correctly and marks all 48 bytes! (See Screenshot 3)

This only happens if you switch off 'Reassemble fragmented IPv6 datagrams'.


[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #7 from Dario Lombardo  ---
ASAN didn't complain either with your command.


[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #6 from Mikael Kanstrup  ---
Valgrind unfortunately did not complain. Tried the following with proper
80211_keys configured:

valgrind --tool=memcheck --leak-check=full ./run/tshark -r ../wireshark/test/captures/owe.pcapng.gz -Y "wlan.analysis.tk == 10f3deccc00d5c8f629fba7a0fff34aa || wlan.analysis.gtk == 016b04ae9e6050bcc1f940dda92b" | grep "Who has 192.168.5.2"


[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #5 from Mikael Kanstrup  ---
This one was tricky. The error either means decryption failed or that tshark
for some other reason cannot parse ARP properly. I've executed the tests
successfully locally before uploading my patches, but for the latest patch
about MFP I didn't run valgrind. Possibly for some of the other ones too, so
maybe there's something ASAN can find.

I'll try running some tests with valgrind.


[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

--- Comment #4 from Dario Lombardo  ---
Well, I didn't notice it's working again. That makes the search much more
difficult. I'll try with ASAN, I may be lucky with some memory issue.


[Wireshark-bugs] [Bug 14660] Create color rule from Filter

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14660

--- Comment #6 from David Perry  ---
Created attachment 17693
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17693&action=edit
Screenshot showing the proposed UI changes


[Wireshark-bugs] [Bug 14660] Create color rule from Filter

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14660

David Perry  changed:

              What|Removed                     |Added
----------------------------------------------------------------------------
                CC|                            |boolean...@gmail.com

--- Comment #5 from David Perry  ---
Created attachment 17692
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17692&action=edit
Partial implementation/UI prototype

I thought this bug might help me learn more about the UI side of Wireshark.
I've learned a lot, but not enough to make a complete fix. Still, here's a
partial patch, in case someone more skilled wants to take it from here.

Clicking the "+" next to the display filter box opens the accordion for adding
a filter button as before, but it now offers the UI to allow a user to add a
color filter instead. (I'll add a screenshot.) The buttons for selecting colors
work, and the button for viewing the coloring rules will add the currently
entered filter spec (if any) to the top of the list for the user to edit.

Where it needs work:
* If you open the coloring rules window from this area, it doesn't update the
packet list with any color changes you make.
* I'd like for it to add a color to the coloring rules without having to open
the coloring dialog, but I can't figure out how to make it do that.
* I have more to learn about Qt and Qt Creator. When I moved the "Comment"
field into the tabbed interface, it lost its auto-stretch ability and I haven't
learned enough to get it back yet.

Some of the UI code I added to ui/qt/filter_expression_frame.cpp was adapted
from ui/qt/coloring_rules_dialog.cpp

If it matters, this was developed/tested on Windows 10.


[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

Peter Wu  changed:

              What|Removed                     |Added
----------------------------------------------------------------------------
                CC|                            |mikael.kanst...@gmail.com

--- Comment #3 from Peter Wu  ---
There have recently been changes by Mikael to the 802.11 decryption
functionality, perhaps those are related. Both tests run with Libgcrypt 1.8.1
so that should be recent enough.

It somehow passes on master again,
Build Ubuntu 189 failed:
https://github.com/crondaemon/wireshark/actions/runs/62237995
Build Ubuntu 190 passed:
https://github.com/crondaemon/wireshark/actions/runs/62854146

There are only three commits in that range, none of them seem relevant:
eb439e89f1..5fbe2e4df8

Maybe there is some uninitialized memory, or name resolution going on?


[Wireshark-bugs] [Bug 16455] IPv6 Extension Headers not highlighted in Packet Byte Pane

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16455

--- Comment #7 from leut...@netsniffing.ch  ---
Created attachment 17691
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17691&action=edit
Screenshot 3


[Wireshark-bugs] [Bug 16455] IPv6 Extension Headers not highlighted in Packet Byte Pane

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16455

--- Comment #6 from leut...@netsniffing.ch  ---
B.t.w. If you select frame one in the enclosed file, the highlight works
correctly and marks all 48 bytes! (See Screenshot 3)


[Wireshark-bugs] [Bug 16453] Decryption tests fail on ubuntu

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16453

Dario Lombardo  changed:

              What|Removed                     |Added
----------------------------------------------------------------------------
                CC|                            |pe...@lekensteyn.nl

--- Comment #2 from Dario Lombardo  ---
I definitely need some inspiration here... Peter, any idea?


[Wireshark-bugs] [Bug 16457] tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

--- Comment #1 from fabian  ---
The older version of tshark where this error does not occur was:

TShark (Wireshark) 2.4.16 (v2.4.16)

If I run:

$ ls -l /proc/$(ps -C tshark -o pid= | tr -d " ")/fd

I get some files and sockets, but only one pcap file at a time which is opened
or used by tshark.


[Wireshark-bugs] [Bug 16457] New: tshark logs: "...could not be opened: Too many open files."

2020-03-25 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16457

            Bug ID: 16457
           Summary: tshark logs: "...could not be opened: Too many open files."
           Product: Wireshark
           Version: 3.2.2
          Hardware: x86-64
                OS: SuSE
            Status: UNCONFIRMED
          Severity: Major
          Priority: Low
         Component: TShark
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: rei...@dfn-cert.de
  Target Milestone: ---

Build Information:
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 3.2.2 (Git commit a3efece3d640)

Copyright 1998-2020 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.54.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0-20200117,
with Lua 5.1.5, with GnuTLS 3.6.7 and PKCS #11 support, with Gcrypt 1.8.2, with
MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with
LZ4, without Zstandard, with Snappy, with libxml2 2.9.7.

Running on Linux 4.12.14-lp151.28.40-default, with Common KVM processor, with
x MB of physical memory, with locale de_DE.UTF-8, with libpcap version
1.8.1, with GnuTLS 3.6.7, with Gcrypt 1.8.2, with brotli 1.0.2, with zlib
1.2.11, binary plugins supported (0 loaded).

Built using gcc 7.5.0.

--
I am using tshark like this:

$ tshark -i  -C Export -F libpcap -Tek -x -f "ip and dst net a.b.c.d/xx and not src net a.b.c.d/xx" -b duration:60 -w /path/to/store/pcaps/filename.pcap > /dev/null

Every minute it starts opening a new file for storing the new captured packets.
It runs as a systemd service. After an update to version 3.2.2 on 23/03/2020,
the service logs one type of error and stops running tshark. The logs look like
this:

Mär 24 06:22:01  .sh[1694]: tshark: The file "/usr/share/wireshark/hosts" could not be opened: Too many open files.
Mär 24 06:22:01  .sh[1694]: tshark: The file "/root/.config/wireshark/profiles/Export/hosts" could not be opened: Too many open files.
Mär 24 06:22:01  .sh[1694]: tshark: The file "/root/.config/wireshark/profiles/Export/subnets" could not be opened: Too many open files.
Mär 24 06:22:01  .sh[1694]: tshark: The file "/root/.config/wireshark/subnets" could not be opened: Too many open files.
Mär 24 06:22:01  .sh[1694]: tshark: The file "/usr/share/wireshark/subnets" could not be opened: Too many open files.
Mär 24 06:22:01  .sh[1694]: tshark: The file "/root/.config/wireshark/profiles/Export/ss7pcs" could not be opened: Too many open files.
Mär 24 06:23:02  .sh[1694]: tshark: The file "/usr/share/wireshark/hosts" could not be opened: Too many open files.
Mär 24 06:23:02  .sh[1694]: tshark: The file "/root/.config/wireshark/profiles/Export/hosts" could not be opened: Too many open files.
Mär 24 06:23:02  .sh[1694]: tshark: The file "/root/.config/wireshark/profiles/Export/subnets" could not be opened: Too many open files.
Mär 24 06:23:02  .sh[1694]: tshark: The file "/root/.config/wireshark/subnets" could not be opened: Too many open files.
Mär 24 06:23:02  .sh[1694]: tshark: The file "/usr/share/wireshark/subnets" could not be opened: Too many open files.
Mär 24 06:23:02  .sh[1694]: tshark: The file "/root/.config/wireshark/profiles/Export/ss7pcs" could not be opened: Too many open files.
Mär 24 06:23:02  .sh[1694]: tshark: The file "/path/to/store/pcaps/filename_01020_20200324062302.pcap" could not be opened: Too many open files.
Mär 24 06:23:02  .sh[1694]: 3742475 packets captured

After it saves the pcap file and creates a new one, another systemd service
moves the closed file to another directory: /path/to/another/dir/for/pcaps/

If I run:

$ ls -l /proc/$(ps -C tshark -o pid= | tr -d " ")/fd

I can see, that tshark is still pointing to the captured files which were moved
by the other service:

...
lr-x-- 1 root root 64 25. Mär 10:05 6 -> /path/to/another/dir/for/pcaps/filename_2_20200325100424.pcap
lr-x-- 1 root root 64 25. Mär 10:06 7 -> /path/to/another/dir/for/pcaps/filename_3_20200325100524.pcap
lr-x-- 1 root root 64 25. Mär 10:07 8 -> /path/to/another/dir/for/pcaps/filename_4_20200325100624.pcap
lr-x-- 1 root root 64 25. Mär 10:08 9 -> /path/to/another/dir/for/pcaps/filename_5_20200325100724.pcap
...

The system allows 1024 open files for each process: 

$ ulimit -a | grep "open files"
open files  (-n) 1024

So, after around 17 hours, the service is stopped, because tshark is pointing
to 1024 opened files. Before I updated to the new version, this did not happen.

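The manual check in the report above (`ls -l /proc/<pid>/fd` compared against the `ulimit -n` value) can be scripted for a long-running ring-buffer capture. This is an added example, not part of the bug thread or of Wireshark; the function names, the `PROC_ROOT` override and the threshold of two open capture files are assumptions.

```sh
#!/bin/sh
# Added example (not from the bug thread): flag a capture process that keeps
# rotated capture files open, using /proc/<pid>/fd and /proc/<pid>/limits.
# PROC_ROOT is an assumed override so the check can run on a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Total number of descriptors held by PID ($1).
count_all_fds() {
    n=0
    for fd in "$PROC_ROOT/$1/fd"/*; do
        if [ -L "$fd" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Descriptors of PID ($1) whose target is a .pcap or .pcapng file.
count_capture_fds() {
    n=0
    for fd in "$PROC_ROOT/$1/fd"/*; do
        if [ -L "$fd" ]; then
            target=$(readlink "$fd")
            # The kernel appends " (deleted)" to targets that were unlinked.
            target=${target%" (deleted)"}
            case "$target" in
                *.pcap|*.pcapng) n=$((n + 1)) ;;
            esac
        fi
    done
    echo "$n"
}

# Soft RLIMIT_NOFILE of PID ($1), the value "ulimit -n" shows for that process.
soft_nofile_limit() {
    awk '/^Max open files/ { print $4 }' "$PROC_ROOT/$1/limits"
}

# Print one status line for PID ($1). $2 is the number of capture files
# tolerated open at once (assumed default 2: current file plus one in rotation).
fd_leak_status() {
    max_capture="${2:-2}"
    capture=$(count_capture_fds "$1")
    total=$(count_all_fds "$1")
    limit=$(soft_nofile_limit "$1")
    verdict=OK
    if [ "$capture" -gt "$max_capture" ]; then
        verdict=LEAK
    fi
    # headroom: descriptors left before open() starts failing with EMFILE
    case "$limit" in
        ''|*[!0-9]*) headroom="n/a" ;;
        *) headroom=$((limit - total)) ;;
    esac
    echo "$verdict capture_fds=$capture total_fds=$total soft_limit=$limit headroom=$headroom"
}

# Usage: ./fdcheck.sh PID [max_capture_fds]
if [ "$#" -gt 0 ]; then
    fd_leak_status "$@"
fi
```

With one leaked descriptor per 60-second rotation, the headroom figure is roughly the number of minutes left before the capture stops.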