David Malone wrote:
dwmalone 2006-07-24 15:42:04 UTC
FreeBSD src repository
Modified files:
sys/net bpf.c
Log:
Rather than calling mircotime() in catchpacket(), make catchpacket()
take a timeval indicating when the packet was captured. Move
microtime() to the calling functions and grab the timestamp as soon
as we know that we're going to call catchpacket at least once.
This means that we call microtime() once per matched packet, as
opposed to once per matched packet per bpf listener. It also means
that we return the same timestamp to all bpf listeners, rather than
slightly different ones.
It would be more accurate to call microtime() even earlier for all
packets, as you have to grab (1+#listener) locks before you can
determine if the packet will be logged. You could always grab a
timestamp before the locks, but microtime() can be costly, so this
didn't seem like a good idea.
(I guess most ethernet interfaces will have a bpf listener these
days because of dhclient. That means that we could be doing two bpf
locks on most packets going through the interface.)
PR: 71711
Revision Changes Path
1.170 +30 -6 src/sys/net/bpf.c
Thanks for taking care of this! It is not very desirable for the same
packet to have different timestamps associated with it across different
bpf peers. It certainly could cause a problem if people are using
timestamps to correlate events from different programs on the same system.
--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
