Netfilter Question - NF_QUEUE
Henrik Nordstrom
hno@marasystems.com
Sun, 11 Jul 2004 04:03:02 +0200 (CEST)
On Fri, 9 Jul 2004, S=EDlvia Andreia Oliveira Rocha wrote:
> It is said that this hook is usually used to pass information to
> UserSpace, my question is, if somewhere a package is "popped" from the
> skb and a NF_QUEUE isn't invoked afterwords is the package lost? I gues=
s
> it isn't, because a package is only drops on a NF_DROP verdict, but I'm
> getting rather confused studying an application that uses NetFilter.
If the number of queued packets grow above ip_queue_maxlen (default 1024)=
=20
due to the userspace application not keeping up with the packet rate=20
for one reason or another then new packets gets dropped with a warning in=
=20
the kernel log.
Regards
Henrik