From owner-cvs-src@FreeBSD.ORG Mon Jul 24 15:51:30 2006 Return-Path: X-Original-To: cvs-src@FreeBSD.org Delivered-To: cvs-src@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 28B6D16A4DE for ; Mon, 24 Jul 2006 15:51:30 +0000 (UTC) (envelope-from csjp@FreeBSD.org) Received: from ems01.seccuris.com (ems01.seccuris.com [204.112.0.35]) by mx1.FreeBSD.org (Postfix) with SMTP id DF72B43D7D for ; Mon, 24 Jul 2006 15:51:20 +0000 (GMT) (envelope-from csjp@FreeBSD.org) Received: (qmail 97391 invoked by uid 86); 24 Jul 2006 16:02:16 -0000 Received: from unknown (HELO ?127.0.0.1?) (204.112.0.40) by ems01.seccuris.com with SMTP; 24 Jul 2006 16:02:16 -0000 Message-ID: <44C4EC78.8060401@FreeBSD.org> Date: Mon, 24 Jul 2006 10:51:20 -0500 From: "Christian S.J. Peron" User-Agent: Thunderbird 1.5.0.4 (Macintosh/20060530) MIME-Version: 1.0 To: David Malone References: <200607241542.k6OFg5ck098374@repoman.freebsd.org> In-Reply-To: <200607241542.k6OFg5ck098374@repoman.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/net bpf.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Jul 2006 15:51:30 -0000 David Malone wrote: > dwmalone 2006-07-24 15:42:04 UTC > > FreeBSD src repository > > Modified files: > sys/net bpf.c > Log: > Rather than calling mircotime() in catchpacket(), make catchpacket() > take a timeval indicating when the packet was captured. Move > microtime() to the calling functions and grab the timestamp as soon > as we know that we're going to call catchpacket at least once. > > This means that we call microtime() once per matched packet, as > opposed to once per matched packet per bpf listener. It also means > that we return the same timestamp to all bpf listeners, rather than > slightly different ones. > > It would be more accurate to call microtime() even earlier for all > packets, as you have to grab (1+#listener) locks before you can > determine if the packet will be logged. You could always grab a > timestamp before the locks, but microtime() can be costly, so this > didn't seem like a good idea. > > (I guess most ethernet interfaces will have a bpf listener these > days because of dhclient. That means that we could be doing two bpf > locks on most packets going through the interface.) > > PR: 71711 > > Revision Changes Path > 1.170 +30 -6 src/sys/net/bpf.c > > > Thanks for taking care of this! It is not very desirable for the same packet to have different timestamps associated with it across different bpf peers. It certainly could cause a problem if people are using timestamps to correlate events from different programs on the same system. -- Christian S.J. Peron csjp@FreeBSD.ORG FreeBSD Committer FreeBSD Security Team