Date: Fri, 12 Sep 2008 06:36:51 GMT From: Duane Wessels <wessels@life-gone-hazy.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/127313: [patch] security/knockd: use less CPU Message-ID: <200809120636.m8C6apxT008432@www.freebsd.org> Resent-Message-ID: <200809120640.m8C6e0Td005745@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 127313 >Category: ports >Synopsis: [patch] security/knockd: use less CPU >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Sep 12 06:40:00 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Duane Wessels >Release: 6.3-STABLE >Organization: >Environment: FreeBSD ipsec.life-gone-hazy.com 6.3-STABLE FreeBSD 6.3-STABLE #1: Sun Aug 17 23:23:58 PDT 2008 root@life-gone-hazy.com:/usr/obj/usr/src/sys/SOEKRIS i386 >Description: knockd uses too much CPU, especially on systems with slower or low-power CPUS (such as the Soekris net4501). The timeout argument to pcap_open_live (1 ms) seems unreasonably small. On a soekris box it uses 15% of CPU. Setting the timeout to 1 second reduces it to "0.00%". >How-To-Repeat: Install and configure on a system with ~133 MHz CPU. Check process CPU usage with 'top'. >Fix: Patch attached with submission follows: --- src/knockd.c.orig 2008-09-11 23:24:37.000000000 -0700 +++ src/knockd.c 2008-09-11 23:24:49.000000000 -0700 @@ -200,7 +200,7 @@ } #if defined(__FreeBSD__) || defined(__APPLE__) - cap = pcap_open_live(o_int, 65535, 0, 1, pcapErr); + cap = pcap_open_live(o_int, 65535, 0, 1000, pcapErr); #else cap = pcap_open_live(o_int, 65535, 0, 0, pcapErr); #endif >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809120636.m8C6apxT008432>