lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 4 Sep 2007 09:59:58 +0200
From:	Eric Dumazet <dada1@...mosbay.com>
To:	Stephen Hemminger <shemminger@...ux-foundation.org>
Cc:	"David S. Miller" <davem@...emloft.net>, Andi Kleen <ak@...e.de>,
	netdev@...r.kernel.org
Subject: Re: af_packet: don't enable global timestamps

On Tue, 4 Sep 2007 06:35:25 +0100
Stephen Hemminger <shemminger@...ux-foundation.org> wrote:

> Andi mentioned he did something like this already, but never
> submitted it.
> 
> The dhcp client application uses AF_PACKET with a packet filter to
> receive data. The application doesn't even use timestamps, but because
> the AF_PACKET API has timestamps, they get turned on globally which
> causes an expensive time of day lookup for every packet received
> on any system that uses the standard DHCP client.
> 
> The fix is to not enable the timestamp (but use if if available).
> This causes the time lookup to only occur on those packets
> that are destined for the AF_PACKET socket. 
> The timestamping occurs after packet filtering
> so all packets dropped by filtering to not cause a clock call.
> 
> The one downside of this a a few microseconds additional delay
> added from the normal timestamping location (netif_rx) until the
> receive callback in AF_PACKET. But since the offset is fairly consistent
> it should not upset applications that do want really use timestamps,
> like wireshark.

This patch seems the correct fix for this longstanding problem.

Please note that if wireshark/tcpdump processes really want precise timestamps, 
they still can ask this by using setsockopt(SO_TIMESTAMP or SO_TIMESTAMPNS) on their private socket.

(We already know that running a sniffer has a cost anyway)

> 
> Signed-off-by: Stephen Hemminger <shemminger@...ux-foundation.org>
> 
> 
> --- a/net/packet/af_packet.c	2007-07-23 09:31:26.000000000 +0100
> +++ b/net/packet/af_packet.c	2007-09-03 14:55:00.000000000 +0100
> @@ -640,11 +640,10 @@ static int tpacket_rcv(struct sk_buff *s
>  	h->tp_snaplen = snaplen;
>  	h->tp_mac = macoff;
>  	h->tp_net = netoff;
> -	if (skb->tstamp.tv64 == 0) {
> -		__net_timestamp(skb);
> -		sock_enable_timestamp(sk);
> -	}
> -	tv = ktime_to_timeval(skb->tstamp);
> +	if (skb->tstamp.tv64)
> +		tv = ktime_to_timeval(skb->tstamp);
> +	else
> +		do_gettimeofday(&tv);
>  	h->tp_sec = tv.tv_sec;
>  	h->tp_usec = tv.tv_usec;
>  

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ