ports/127313: [patch] security/knockd: use less CPU
Duane Wessels
wessels at life-gone-hazy.com
Fri Sep 12 06:40:01 UTC 2008
>Number: 127313
>Category: ports
>Synopsis: [patch] security/knockd: use less CPU
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Sep 12 06:40:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Duane Wessels
>Release: 6.3-STABLE
>Organization:
>Environment:
FreeBSD ipsec.life-gone-hazy.com 6.3-STABLE FreeBSD 6.3-STABLE #1: Sun Aug 17 23:23:58 PDT 2008 root at life-gone-hazy.com:/usr/obj/usr/src/sys/SOEKRIS i386
>Description:
knockd uses too much CPU, especially on systems with slower or low-power
CPUS (such as the Soekris net4501).
The timeout argument to pcap_open_live (1 ms) seems unreasonably small. On a
soekris box it uses 15% of CPU. Setting the timeout to 1 second reduces it to
"0.00%".
>How-To-Repeat:
Install and configure on a system with ~133 MHz CPU. Check process CPU
usage with 'top'.
>Fix:
Patch attached with submission follows:
--- src/knockd.c.orig 2008-09-11 23:24:37.000000000 -0700
+++ src/knockd.c 2008-09-11 23:24:49.000000000 -0700
@@ -200,7 +200,7 @@
}
#if defined(__FreeBSD__) || defined(__APPLE__)
- cap = pcap_open_live(o_int, 65535, 0, 1, pcapErr);
+ cap = pcap_open_live(o_int, 65535, 0, 1000, pcapErr);
#else
cap = pcap_open_live(o_int, 65535, 0, 0, pcapErr);
#endif
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list