From 5c9b9cebbc5ad4018c9c03c3c9c9d49e568d4f86 Mon Sep 17 00:00:00 2001
From: dlg
Date: Tue, 9 May 2023 00:01:59 +0000
Subject: [PATCH] switch pflogd from using a bpf read timeout to a wait timeout. a bpf read timeout means every read will end after the timeout expires. because pflogd has a half second read timeout it would sit in a loop doing reads all the time even if there were no packets to log. the wait timeout means that when bpf catches a packet, it will wait a bit for more packets to arrive before waking up the pending read. pflogd now sits in the read syscall until packets are actually available to log. found by deraadt@ and ktrace discussed with and ok sashan@
---
 sbin/pflogd/pflogd.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sbin/pflogd/pflogd.c b/sbin/pflogd/pflogd.c
index 2f53ef39018..6a7a3cbe915 100644
--- a/sbin/pflogd/pflogd.c
+++ b/sbin/pflogd/pflogd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pflogd.c,v 1.62 2019/07/25 17:32:33 brynet Exp $ */
+/* $OpenBSD: pflogd.c,v 1.63 2023/05/09 00:01:59 dlg Exp $ */
 /* * Copyright (c) 2001 Theo de Raadt
@@ -251,8 +251,8 @@ pflog_read_live(const char *source, int slen, int promisc, int to_ms,
 struct timeval to;
 to.tv_sec = to_ms / 1000;
 to.tv_usec = (to_ms * 1000) % 1000000;
- if (ioctl(p->fd, BIOCSRTIMEOUT, &to) == -1) {
- snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCSRTIMEOUT: %s",
+ if (ioctl(p->fd, BIOCSWTIMEOUT, &to) == -1) {
+ snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCSWTIMEOUT: %s",
 pcap_strerror(errno));
 goto bad;
 }
-- 
2.20.1
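Review bot: With `BIOCSWTIMEOUT` in the second hunk the read no longer returns every `to_ms` milliseconds, so anything in the capture loop that relied on that periodic wakeup (flushing buffered log records, acting on rotation or shutdown flags set by signal handlers) now presumably runs only when packets arrive or a signal interrupts the read. That loop and the handler setup are outside this hunk, as are the start and end of pflog_read_live, so this needs confirming there. A comment above the ioctl would record the new meaning, e.g. `/* wait timeout: after bpf catches a packet it waits up to to_ms for more before waking the read; an idle read blocks */`. Separately, the unchanged `to.tv_usec = (to_ms * 1000) % 1000000;` multiplies before reducing and overflows `int` for a large `to_ms`; `to.tv_usec = (to_ms % 1000) * 1000;` yields the same value without the overflow.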