[ulogd2] NFCT: improve netlink overrun handling
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Wed Jul 22 19:39:43 CEST 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=ulogd2.git;a=commit;h=de30adc389621c49e7b77bfdf550d0b1c0804448
commit de30adc389621c49e7b77bfdf550d0b1c0804448
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Jul 22 19:36:26 2009 +0200
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Jul 22 19:36:26 2009 +0200
NFCT: improve netlink overrun handling
With this patch, we schedule one resynchronization against the
kernel conntrack table that will occur in two seconds (still
we need a patch to make this configurable). Before this, we
scheduled a resynchronization for every overrun, that is very
bad in a scenario in which overruns occur very frequently.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
via de30adc389621c49e7b77bfdf550d0b1c0804448 (commit)
from e664524e05ad555cfb0e7851a7cfeb573fcc27b5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit de30adc389621c49e7b77bfdf550d0b1c0804448
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Jul 22 19:36:26 2009 +0200
NFCT: improve netlink overrun handling
With this patch, we schedule one resynchronization against the
kernel conntrack table that will occur in two seconds (still
we need a patch to make this configurable). Before this, we
scheduled a resynchronization for every overrun, that is very
bad in a scenario in which overruns occur very frequently.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
input/flow/ulogd_inpflow_NFCT.c | 24 ++++++++++++------------
1 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index b16687e..deaf887 100644
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -669,8 +669,6 @@ static int read_cb_nfct(int fd, unsigned int what, void *param)
if (nfct_catch(cpi->cth) == -1) {
if (errno == ENOBUFS) {
- int family = AF_UNSPEC;
-
if (nlsockbufmaxsize_ce(upi->config_kset).u.value) {
int s = cpi->nlbufsiz * 2;
if (setnlbufsiz(upi, s)) {
@@ -689,9 +687,14 @@ static int read_cb_nfct(int fd, unsigned int what, void *param)
/* internal hash can deal with refresh */
if (usehash_ce(upi->config_kset).u.value != 0) {
- nfct_send(cpi->ovh, NFCT_Q_DUMP, &family);
- /* TODO: configurable retry timer */
- ulogd_add_timer(&cpi->ov_timer, 2);
+ /* TODO: schedule a resynchronization in
+ * two seconds, this parameter should be
+ * configurable via config. Note that we
+ * don't re-schedule a resync if it's
+ * already in progress. */
+ if (!ulogd_timer_pending(&cpi->ov_timer)) {
+ ulogd_add_timer(&cpi->ov_timer, 2);
+ }
}
}
}
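Review bot: The new comment in read_cb_nfct() says a resync is not re-scheduled "if it's already in progress", but the guard `if (!ulogd_timer_pending(&cpi->ov_timer))` only tests whether the timer is still waiting to fire. Once overrun_timeout() has run and sent NFCT_Q_DUMP, the timer is presumably no longer pending, so an ENOBUFS that arrives while the dump is still being read would arm another resync. Either reword the comment to "already scheduled" or track the dump-in-progress state explicitly. The comment also opens with "TODO:" although most of it documents current behaviour; limiting the TODO to the configurable interval would read more clearly.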
@@ -764,11 +767,10 @@ static int read_cb_ovh(int fd, unsigned int what, void *param)
if (nfct_catch(cpi->ovh) == -1) {
/* enobufs in the overrun buffer? very rare */
if (errno == ENOBUFS) {
- int family = AF_UNSPEC;
-
- nfct_send(cpi->ovh, NFCT_Q_DUMP, &family);
- /* TODO: configurable retry timer */
- ulogd_add_timer(&cpi->ov_timer, 2);
+ /* TODO: configurable resync timer */
+ if (!ulogd_timer_pending(&cpi->ov_timer)) {
+ ulogd_add_timer(&cpi->ov_timer, 2);
+ }
}
}
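Review bot: In read_cb_ovh() the guard and the literal 2 duplicate what was just added in read_cb_nfct(): `if (!ulogd_timer_pending(&cpi->ov_timer))` followed by `ulogd_add_timer(&cpi->ov_timer, 2);`. Since both TODOs say the interval should become configurable, a small helper, or at least a named constant for the delay, would keep the two call sites from drifting when that change lands. The comment could also note that the immediate nfct_send() with NFCT_Q_DUMP is gone from this path, so after an overrun the dump now starts only when the timer fires.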
@@ -824,8 +826,6 @@ static void overrun_timeout(struct ulogd_timer *a, void *data)
(struct nfct_pluginstance *)upi->private;
nfct_send(cpi->ovh, NFCT_Q_DUMP, &family);
- /* TODO: configurable retry timer */
- ulogd_add_timer(&cpi->ov_timer, 2);
}
static int constructor_nfct(struct ulogd_pluginstance *upi)
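Review bot: With the re-arm removed from overrun_timeout(), the timer is one-shot and the only resync attempt is `nfct_send(cpi->ovh, NFCT_Q_DUMP, &family);`, whose return value is not checked. If that send fails, nothing in the visible lines schedules another attempt until the next ENOBUFS. Consider checking the result and logging or re-arming ov_timer on failure.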