[conntrack-tools] conntrackd: add clause to enable ctnetlink reliable event delivery

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Tue Jul 21 14:37:31 CEST 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=0521db731c0daa417a3dfb67fba7c6f80596e553
commit 0521db731c0daa417a3dfb67fba7c6f80596e553
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue Jul 21 14:36:18 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue Jul 21 14:36:18 2009 +0200

    conntrackd: add clause to enable ctnetlink reliable event delivery
    
    This patch adds the NetlinkEventsReliable clause, which is useful
    to turn on reliable Netlink event delivery. This feature
    requires a Linux kernel >= 2.6.31.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  0521db731c0daa417a3dfb67fba7c6f80596e553 (commit)
      from  441342f4701a4bbc41c24721d4c60b857e1c5d1e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0521db731c0daa417a3dfb67fba7c6f80596e553
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Tue Jul 21 14:36:18 2009 +0200

    conntrackd: add clause to enable ctnetlink reliable event delivery
    
    This patch adds the NetlinkEventsReliable clause, this is useful
    to turn on reliable Netlink event delivery. This features
    requires a Linux kernel >= 2.6.31.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 doc/stats/conntrackd.conf        |    7 +++++++
 doc/sync/alarm/conntrackd.conf   |    7 +++++++
 doc/sync/ftfw/conntrackd.conf    |    8 ++++++++
 doc/sync/notrack/conntrackd.conf |    7 +++++++
 include/conntrackd.h             |    3 +++
 src/netlink.c                    |   12 ++++++++++++
 src/read_config_lex.l            |    1 +
 src/read_config_yy.y             |   13 ++++++++++++-
 8 files changed, 57 insertions(+), 1 deletions(-)
This patch adds the NetlinkEventsReliable clause, this is useful
to turn on reliable Netlink event delivery. This features
requires a Linux kernel >= 2.6.31.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/doc/stats/conntrackd.conf b/doc/stats/conntrackd.conf
index 8945293..ef6a698 100644
--- a/doc/stats/conntrackd.conf
+++ b/doc/stats/conntrackd.conf
@@ -110,6 +110,13 @@ Stats {
 	#
 	LogFile on
 
+	# If you want reliable event reporting over Netlink, set on this
+	# option. If you set on this clause, it is a good idea to set off
+	# NetlinkOverrunResync. This option is off by default and you need
+	# a Linux kernel >= 2.6.31.
+	#
+	# NetlinkEventsReliable Off
+
 	# 
 	# By default, the daemon receives state updates following an
 	# event-driven model. You can modify this behaviour by switching to
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index a108569..805a531 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -278,6 +278,13 @@ General {
 	#
 	# NetlinkOverrunResync On
 
+	# If you want reliable event reporting over Netlink, set on this
+	# option. If you set on this clause, it is a good idea to set off
+	# NetlinkOverrunResync. This option is off by default and you need
+	# a Linux kernel >= 2.6.31.
+	#
+	# NetlinkEventsReliable Off
+
 	# 
 	# By default, the daemon receives state updates following an
 	# event-driven model. You can modify this behaviour by switching to
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index c1208f9..ceca224 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -287,6 +287,14 @@ General {
 	#
 	# NetlinkOverrunResync On
 
+	#
+	# If you want reliable event reporting over Netlink, set on this
+	# option. If you set on this clause, it is a good idea to set off
+	# NetlinkOverrunResync. This option is off by default and you need
+	# a Linux kernel >= 2.6.31.
+	#
+	# NetlinkEventsReliable Off
+
 	# 
 	# By default, the daemon receives state updates following an
 	# event-driven model. You can modify this behaviour by switching to
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index b528fab..1efeb81 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -268,6 +268,13 @@ General {
 	#
 	# NetlinkOverrunResync On
 
+	# If you want reliable event reporting over Netlink, set on this
+	# option. If you set on this clause, it is a good idea to set off
+	# NetlinkOverrunResync. This option is off by default and you need
+	# a Linux kernel >= 2.6.31.
+	#
+	# NetlinkEventsReliable Off
+
 	# 
 	# By default, the daemon receives state updates following an
 	# event-driven model. You can modify this behaviour by switching to
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 12fd17f..907ce33 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -96,6 +96,9 @@ struct ct_conf {
 	int filter_from_kernelspace;
 	int event_iterations_limit;
 	struct {
+		int events_reliable;
+	} netlink;
+	struct {
 		int commit_steps;
 	} general;
 	struct {
diff --git a/src/netlink.c b/src/netlink.c
index 5c07201..a43f782 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -75,6 +75,18 @@ struct nfct_handle *nl_init_event_handler(void)
 		CONFIG(netlink_buffer_size_max_grown) =
 					CONFIG(netlink_buffer_size);
 
+	if (CONFIG(netlink).events_reliable) {
+		int on = 1;
+
+		setsockopt(nfct_fd(h), SOL_NETLINK,
+			   NETLINK_BROADCAST_SEND_ERROR, &on, sizeof(int));
+
+		setsockopt(nfct_fd(h), SOL_NETLINK,
+			   NETLINK_NO_ENOBUFS, &on, sizeof(int));
+
+		dlog(LOG_NOTICE, "reliable ctnetlink event delivery "
+				 "is ENABLED.");
+	}
 	return h;
 }
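Review bot: Both setsockopt() calls in the new block discard their return value, so on a kernel that does not support these options (the description says 2.6.31 is required; an unknown option presumably fails with ENOPROTOOPT) the daemon still logs "reliable ctnetlink event delivery is ENABLED" while delivery is in fact unchanged. An operator who followed the new example-config advice and switched NetlinkOverrunResync off would then run with neither overrun resync nor reliable delivery and no diagnostic of it. Check each result, log a warning with the errno text on failure, and print the ENABLED notice only when both options took; `sizeof(on)` instead of `sizeof(int)` keeps the length tied to the variable. nl_init_event_handler starts before this hunk, and if netlink.c does not already include <errno.h> and <string.h> for strerror() they would be needed.
```c
	if (CONFIG(netlink).events_reliable) {
		int on = 1;

		if (setsockopt(nfct_fd(h), SOL_NETLINK,
			       NETLINK_BROADCAST_SEND_ERROR, &on, sizeof(on)) < 0 ||
		    setsockopt(nfct_fd(h), SOL_NETLINK,
			       NETLINK_NO_ENOBUFS, &on, sizeof(on)) < 0) {
			dlog(LOG_WARNING, "cannot enable reliable ctnetlink event "
					  "delivery: %s", strerror(errno));
		} else {
			dlog(LOG_NOTICE, "reliable ctnetlink event delivery "
					 "is ENABLED.");
		}
	}
	/* … unchanged: return h … */
```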
 
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
index cd03ad4..dad7555 100644
--- a/src/read_config_lex.l
+++ b/src/read_config_lex.l
@@ -134,6 +134,7 @@ notrack		[N|n][O|o][T|t][R|r][A|a][C|c][K|k]
 "Scheduler"			{ return T_SCHEDULER; }
 "Type"				{ return T_TYPE; }
 "Priority"			{ return T_PRIO; }
+"NetlinkEventsReliable"		{ return T_NETLINK_EVENTS_RELIABLE; }
 
 {is_on}			{ return T_ON; }
 {is_off}		{ return T_OFF; }
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 0e9b99b..87f99b6 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -71,7 +71,7 @@ static void __max_dedicated_links_reached(void);
 %token T_FILTER T_ADDRESS T_PROTOCOL T_STATE T_ACCEPT T_IGNORE
 %token T_FROM T_USERSPACE T_KERNELSPACE T_EVENT_ITER_LIMIT T_DEFAULT
 %token T_NETLINK_OVERRUN_RESYNC T_NICE T_IPV4_DEST_ADDR T_IPV6_DEST_ADDR
-%token T_SCHEDULER T_TYPE T_PRIO
+%token T_SCHEDULER T_TYPE T_PRIO T_NETLINK_EVENTS_RELIABLE
 
 %token <string> T_IP T_PATH_VAL
 %token <val> T_NUMBER
@@ -873,6 +873,7 @@ general_line: hashsize
 	    | poll_secs
 	    | filter
 	    | netlink_overrun_resync
+	    | netlink_events_reliable
 	    | nice
 	    | scheduler
 	    ;
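Review bot: The new `netlink_events_reliable` alternative is added only to `general_line`, yet doc/stats/conntrackd.conf documents the clause right after `LogFile on`, which the hunk context shows as sitting under the `Stats {` block. If the stats example really places the clause inside Stats, the parser will reject that configuration as soon as a user uncomments `NetlinkEventsReliable Off`, and the example would be teaching a syntax the grammar does not accept. Either add `| netlink_events_reliable` to the Stats section's line rule as well (that rule is outside this hunk, so I cannot confirm its current alternatives), or move the example in the stats config into the General block where the other three example files put it.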
@@ -902,6 +903,16 @@ netlink_overrun_resync : T_NETLINK_OVERRUN_RESYNC T_NUMBER
 	conf.nl_overrun_resync = $2;
 };
 
+netlink_events_reliable : T_NETLINK_EVENTS_RELIABLE T_ON
+{
+	conf.netlink.events_reliable = 1;
+};
+
+netlink_events_reliable : T_NETLINK_EVENTS_RELIABLE T_OFF
+{
+	conf.netlink.events_reliable = 0;
+};
+
 nice : T_NICE T_SIGNED_NUMBER
 {
 	conf.nice = $2;


