PCAP_LOOP_SLEEP bug fix to 1/10th of a second

[server] Updated PCAP_LOOP_SLEEP default to 1/10th of a second (in microseconds). This was supposed to be the default anyway, but C Anthony Risinger reported a bug where fwknopd was consuming more resources than necessary, and the cause was PCAP_LOOP_SLEEP set by default to 1/100th of a second - this has been fixed.
mrash · Jul 24, 2012 · 5387242 · 5387242
1 parent 6255bff
commit 5387242
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 9 deletions.
diff --git a/CREDITS b/CREDITS
@@ -24,3 +24,7 @@ Andy Rowland
       access.conf file would result in access requests that matched the second
       stanza to always be treated as a replay attack.  This has been fixed for
       the fwknop-2.0.1 release.
+
+C Anthony Risinger
+    - Caught a bug where the default PCAP_LOOP_SLEEP value was 1/100th of a
+      second instead of the intended default of 1/10th of a second.
diff --git a/ChangeLog b/ChangeLog
@@ -1,5 +1,5 @@
 fwknop-2.0.1 (07//2012):
-    - Bug fix where the same encryption key used for two stanzas in
+    - [server] Bug fix where the same encryption key used for two stanzas in
       the access.conf file would result in access requests that matched the
       second stanza to always be treated as a replay attack.  This has been
       fixed for the fwknop-2.0.1 release, and was reported by Andy Rowland. Now
@@ -9,8 +9,13 @@ fwknop-2.0.1 (07//2012):
       digest list right after the first access.conf stanza match, so when SPA
       packet data matched the second access.conf stanza a matching replay
       digest would already be there.
-    - Added SPA message validation calls to fko decoding routines to help
+    - [server] Updated PCAP_LOOP_SLEEP default to 1/10th of a second (in
-      ensure that SPA messages conform to expected values.
+      microseconds).  This was supposed to be the default anyway, but C
+      Anthony Risinger reported a bug where fwknopd was consuming more
+      resources than necessary, and the cause was PCAP_LOOP_SLEEP set by
+      default to 1/100th of a second - this has been fixed.
+    - [libfko] Added SPA message validation calls to fko decoding routines to
+      help ensure that SPA messages conform to expected values.
     - Bug fix for PF firewalls: updated the PF anchor check to not rely on
       listing the PF policy - fwknopd now uses 'pfctl -s Anchor' instead.
     - [test suite] Added parsing of valgrind output to produce a listing of
@@ -20,8 +25,8 @@ fwknop-2.0.1 (07//2012):
       instead of libfko.so.  This fixes the existence check for libfko.
     - [test suite] Added tests for --nat-local mode.
     - [client] Fixed several minor memory leaks caught by valgrind.
-    - Minor gcc warning fix: fko_decode.c:43:17: warning: variable ‘edata_size’
+    - [libfko] Minor gcc warning fix: fko_decode.c:43:17: warning: variable
-      set but not used [-Wunused-but-set-variable].
+      ‘edata_size’ set but not used [-Wunused-but-set-variable].
 
 fwknop-2.0 (01/02/2012):
     - This is the first production release that has been completely re-written

diff --git a/server/config_init.h b/server/config_init.h
@@ -36,7 +36,7 @@
 
 /* For integer variable range checking
 */
-#define RCHK_MAX_PCAP_LOOP_SLEEP            100000  /* microseconds */
+#define RCHK_MAX_PCAP_LOOP_SLEEP            10000000  /* microseconds, 10 seconds */
 #define RCHK_MAX_SPA_PACKET_AGE             100000  /* seconds, can disable */
 #define RCHK_MAX_SNIFF_BYTES                1514
 #define RCHK_MAX_TCPSERV_PORT               65535

diff --git a/server/fwknopd.conf b/server/fwknopd.conf
@@ -74,8 +74,8 @@
 #PCAP_DISPATCH_COUNT            0;
 
 # Sets the number of microseconds to passed as an argument to usleep() in
-# the pcap loop.  The default is 10000, or 1/10th of a second.
+# the pcap loop.  The default is 100000 microseconds, or 1/10th of a second.
-#PCAP_LOOP_SLEEP                10000;
+#PCAP_LOOP_SLEEP                100000;
 
 # Allow SPA clients to request access to services through an iptables
 # firewall instead of just to it (i.e. access through the FWKNOP_FORWARD

diff --git a/server/fwknopd_common.h b/server/fwknopd_common.h
@@ -86,7 +86,7 @@
 #define DEF_ENABLE_PCAP_PROMISC         "N"
 #define DEF_PCAP_FILTER                 "udp port 62201"
 #define DEF_PCAP_DISPATCH_COUNT         "0"
-#define DEF_PCAP_LOOP_SLEEP             "10000" /* a tenth of a second */
+#define DEF_PCAP_LOOP_SLEEP             "100000" /* a tenth of a second (in microseconds) */
 #define DEF_ENABLE_SPA_PACKET_AGING     "Y"
 #define DEF_MAX_SPA_PACKET_AGE          "120"
 #define DEF_ENABLE_DIGEST_PERSISTENCE   "Y"