[ulogd2] NFCT: add configurable option to set the value of the resynchronization timer

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Wed Jul 22 20:19:46 CEST 2009 

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=ulogd2.git;a=commit;h=f4a480e7cb3ed06b004e9d37f803ca35a7f334e1
commit f4a480e7cb3ed06b004e9d37f803ca35a7f334e1
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Jul 22 20:17:28 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Jul 22 20:17:28 2009 +0200

    NFCT: add configurable option to set the value of the resynchronization timer
    
    This patch adds `netlink_resync_timeout' that allows you to set
    the number of seconds that we wait to perform a resynchronization
    due to a netlink overrun. This patch changes the default timeout
    from 2 to 60 seconds (less agressive).
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  f4a480e7cb3ed06b004e9d37f803ca35a7f334e1 (commit)
      from  de30adc389621c49e7b77bfdf550d0b1c0804448 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f4a480e7cb3ed06b004e9d37f803ca35a7f334e1
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Wed Jul 22 20:17:28 2009 +0200

    NFCT: add configurable option to set the value of the resynchronization timer
    
    This patch adds `netlink_resync_timeout' that allows you to set
    the number of seconds that we wait to perform a resynchronization
    due to a netlink overrun. This patch changes the default timeout
    from 2 to 60 seconds (less agressive).
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 input/flow/ulogd_inpflow_NFCT.c |   23 +++++++++++++++--------
 ulogd.conf.in                   |    1 +
 2 files changed, 16 insertions(+), 8 deletions(-)
This patch adds `netlink_resync_timeout' that allows you to set
the number of seconds that we wait to perform a resynchronization
due to a netlink overrun. This patch changes the default timeout
from 2 to 60 seconds (less agressive).

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index deaf887..f7e84ac 100644
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -114,6 +114,12 @@ static struct config_keyset nfct_kset = {
 			.options = CONFIG_OPT_NONE,
 			.u.value = 0,
 		},
+		{
+			.key	 = "netlink_resync_timeout",
+			.type	 = CONFIG_TYPE_INT,
+			.options = CONFIG_OPT_NONE,
+			.u.value = 60,
+		},
 	},
 };
 #define pollint_ce(x)	(x->ces[0])
@@ -123,6 +129,7 @@ static struct config_keyset nfct_kset = {
 #define eventmask_ce(x) (x->ces[4])
 #define nlsockbufsize_ce(x) (x->ces[5])
 #define nlsockbufmaxsize_ce(x) (x->ces[6])
+#define nlresynctimeout_ce(x) (x->ces[7])
 
 enum nfct_keys {
 	NFCT_ORIG_IP_SADDR = 0,
@@ -687,13 +694,13 @@ static int read_cb_nfct(int fd, unsigned int what, void *param)
 
 			/* internal hash can deal with refresh */
 			if (usehash_ce(upi->config_kset).u.value != 0) {
-				/* TODO: schedule a resynchronization in
-				 * two seconds, this parameter should be
-				 * configurable via config. Note that we
-				 * don't re-schedule a resync if it's
-				 * already in progress. */
+				/* schedule a resynchronization in N
+				 * seconds, this parameter is configurable
+				 * via config. Note that we don't re-schedule
+				 * a resync if it's already in progress. */
 				if (!ulogd_timer_pending(&cpi->ov_timer)) {
-					ulogd_add_timer(&cpi->ov_timer, 2);
+					ulogd_add_timer(&cpi->ov_timer,
+							nlresynctimeout_ce(upi->config_kset).u.value);
 				}
 			}
 		}
@@ -767,9 +774,9 @@ static int read_cb_ovh(int fd, unsigned int what, void *param)
 	if (nfct_catch(cpi->ovh) == -1) {
 		/* enobufs in the overrun buffer? very rare */
 		if (errno == ENOBUFS) {
-			/* TODO: configurable resync timer */
 			if (!ulogd_timer_pending(&cpi->ov_timer)) {
-				ulogd_add_timer(&cpi->ov_timer, 2);
+				ulogd_add_timer(&cpi->ov_timer,
+						nlresynctimeout_ce(upi->config_kset).u.value);
 			}
 		}
 	}
diff --git a/ulogd.conf.in b/ulogd.conf.in
index 2be1c58..4542fc4 100644
--- a/ulogd.conf.in
+++ b/ulogd.conf.in
@@ -91,6 +91,7 @@ plugin="@libdir@/ulogd/ulogd_raw2packet_BASE.so"
 [ct1]
 #netlink_socket_buffer_size=217088
 #netlink_socket_buffer_maxsize=1085440
+#netlink_resync_timeout=60 # seconds to wait to perform resynchronization
 
 [ct2]
 #netlink_socket_buffer_size=217088

More information about the netfilter-cvslog mailing list