cvs commit: src/sys/net bpf.c

Mon Jul 24 15:51:30 UTC 2006

David Malone wrote:
> dwmalone    2006-07-24 15:42:04 UTC
>
>   FreeBSD src repository
>
>   Modified files:
>     sys/net              bpf.c 
>   Log:
>   Rather than calling mircotime() in catchpacket(), make catchpacket()
>   take a timeval indicating when the packet was captured. Move
>   microtime() to the calling functions and grab the timestamp as soon
>   as we know that we're going to call catchpacket at least once.
>   
>   This means that we call microtime() once per matched packet, as
>   opposed to once per matched packet per bpf listener. It also means
>   that we return the same timestamp to all bpf listeners, rather than
>   slightly different ones.
>   
>   It would be more accurate to call microtime() even earlier for all
>   packets, as you have to grab (1+#listener) locks before you can
>   determine if the packet will be logged. You could always grab a
>   timestamp before the locks, but microtime() can be costly, so this
>   didn't seem like a good idea.
>   
>   (I guess most ethernet interfaces will have a bpf listener these
>   days because of dhclient. That means that we could be doing two bpf
>   locks on most packets going through the interface.)
>   
>   PR:             71711
>   
>   Revision  Changes    Path
>   1.170     +30 -6     src/sys/net/bpf.c
>
>
>   
Thanks for taking care of this! It is not very desirable for the same 
packet to have different timestamps associated with it across different 
bpf peers. It certainly could cause a problem if people are using 
timestamps to correlate events from different programs on the same system.

-- 
Christian S.J. Peron
csjp at FreeBSD.ORG
FreeBSD Committer
FreeBSD Security Team