Hello,
diff below seems to make empty log message go way.
we have to check if sig_alrm fired here in pflogd:
725 while (1) {
726 np = pcap_dispatch(hpcap, PCAP_NUM_PKTS,
727 phandler, (u_char *)dpcap);
728 if (np < 0) {
729 if (!if_exists(interface)) {
730 logmsg(LOG_NOTICE, "interface %s went away",
731 interface);
732 ret = -1;
733 break;
734 }
if alarm fires it interrupts pcap_read() called by
pcap_dispatch() we enter at line 726:
75 again:
76 /*
77 * Has "pcap_breakloop()" been called?
78 */
79 if (p->break_loop) {
80 /*
81 * Yes - clear the flag that indicates that it
82 * has, and return PCAP_ERROR_BREAK to indicate
83 * that we were told to break out of the loop.
84 */
85 p->break_loop = 0;
86 return (PCAP_ERROR_BREAK);
87 }
88
89 cc = p->cc;
90 if (p->cc == 0) {
91 cc = read(p->fd, (char *)p->buffer, p->bufsize);
92 if (cc == -1) {
93 /* Don't choke when we get ptraced */
94 switch (errno) {
95
96 case EINTR:
97 goto again;
98
I believe read at line 92 returns with EINTER, so we jump to
line to 75. If ALARM fires the condition at line 79 is true,
because pflogd's alarm handlers calls pcap_breakloop():
174 void
175 sig_alrm(int sig)
176 {
177 pcap_breakloop(hpcap);
178 gotsig_alrm = 1;
179 }
this makes me thinking the one-liner below is the fix we want.
regards
sashan
--------8<---------------8<---------------8<------------------8<--------
diff --git a/sbin/pflogd/pflogd.c b/sbin/pflogd/pflogd.c
index 271e46326ee..42ca066b7e7 100644
--- a/sbin/pflogd/pflogd.c
+++ b/sbin/pflogd/pflogd.c
@@ -732,7 +732,8 @@ main(int argc, char **argv)
ret = -1;
break;
}
- logmsg(LOG_NOTICE, "%s", pcap_geterr(hpcap));
+ if (gotsig_alrm == 0)
+ logmsg(LOG_NOTICE, "%s", pcap_geterr(hpcap));
}
if (gotsig_close)
