On Mon, Feb 13, 2023 at 08:30:03AM +0100, Alexandr Nedvedicky wrote:
Hello,
This diff looks good to me. Though I still have some
doubts about accuracy of comment here:
> return (kn->kn_data > 0);
> @@ -1510,6 +1599,15 @@ bpf_catchpacket(struct bpf_d *d, u_char
> ++d->bd_dcount;
> return;
> }
> +
> +
deraadt@ noticed that pflogd wakes up twice a second, even if it has
nothing to do or log. the reason for this is how bpf works.
when you try and read from a bpf file descriptor, there are three
reasons that the read will finish.
the first is the obvious one: the bpf packet buffer in the kernel