Alexandr Nedvedicky <[email protected]> writes:
> Hello,
>
> diff below seems to make empty log message go way.
I can't speak for correctness, but I can confirm pflogd stops writing
empty messages on my machine with the diff.
-dv
> we have to check if sig_alrm fired here in pflogd:
>
>
> 725 while (1) {
> 726 np = pcap_dispatch(hpcap, PCAP_NUM_PKTS,
> 727 phandler, (u_char *)dpcap);
> 728 if (np < 0) {
> 729 if (!if_exists(interface)) {
> 730 logmsg(LOG_NOTICE, "interface %s went
> away",
> 731 interface);
> 732 ret = -1;
> 733 break;
> 734 }
>
> if alarm fires it interrupts pcap_read() called by
> pcap_dispatch() we enter at line 726:
>
> 75 again:
> 76 /*
> 77 * Has "pcap_breakloop()" been called?
> 78 */
> 79 if (p->break_loop) {
> 80 /*
> 81 * Yes - clear the flag that indicates that it
> 82 * has, and return PCAP_ERROR_BREAK to indicate
> 83 * that we were told to break out of the loop.
> 84 */
> 85 p->break_loop = 0;
> 86 return (PCAP_ERROR_BREAK);
> 87 }
> 88
> 89 cc = p->cc;
> 90 if (p->cc == 0) {
> 91 cc = read(p->fd, (char *)p->buffer, p->bufsize);
> 92 if (cc == -1) {
> 93 /* Don't choke when we get ptraced */
> 94 switch (errno) {
> 95
> 96 case EINTR:
> 97 goto again;
> 98
>
> I believe read at line 92 returns with EINTER, so we jump to
> line to 75. If ALARM fires the condition at line 79 is true,
> because pflogd's alarm handlers calls pcap_breakloop():
>
> 174 void
> 175 sig_alrm(int sig)
> 176 {
> 177 pcap_breakloop(hpcap);
> 178 gotsig_alrm = 1;
> 179 }
>
>
> this makes me thinking the one-liner below is the fix we want.
>
> regards
> sashan
>
> --------8<---------------8<---------------8<------------------8<--------
> diff --git a/sbin/pflogd/pflogd.c b/sbin/pflogd/pflogd.c
> index 271e46326ee..42ca066b7e7 100644
> --- a/sbin/pflogd/pflogd.c
> +++ b/sbin/pflogd/pflogd.c
> @@ -732,7 +732,8 @@ main(int argc, char **argv)
> ret = -1;
> break;
> }
> - logmsg(LOG_NOTICE, "%s", pcap_geterr(hpcap));
> + if (gotsig_alrm == 0)
> + logmsg(LOG_NOTICE, "%s", pcap_geterr(hpcap));
> }
>
> if (gotsig_close)
