authorPablo Neira Ayuso <pablo@netfilter.org>2009-07-21 14:36:18 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2009-07-21 14:36:18 +0200
commit0521db731c0daa417a3dfb67fba7c6f80596e553 (patch)
tree92553f757ba63a0755225befa7c832aae10aeacb
parent441342f4701a4bbc41c24721d4c60b857e1c5d1e (diff)
conntrackd: add clause to enable ctnetlink reliable event delivery
This patch adds the NetlinkEventsReliable clause, which is useful to turn on reliable Netlink event delivery. This feature requires a Linux kernel >= 2.6.31. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--doc/stats/conntrackd.conf7
-rw-r--r--doc/sync/alarm/conntrackd.conf7
-rw-r--r--doc/sync/ftfw/conntrackd.conf8
-rw-r--r--doc/sync/notrack/conntrackd.conf7
-rw-r--r--include/conntrackd.h3
-rw-r--r--src/netlink.c12
-rw-r--r--src/read_config_lex.l1
-rw-r--r--src/read_config_yy.y13
8 files changed, 57 insertions, 1 deletions
diff --git a/doc/stats/conntrackd.conf b/doc/stats/conntrackd.conf
index 8945293..ef6a698 100644
--- a/doc/stats/conntrackd.conf
+++ b/doc/stats/conntrackd.conf
@@ -110,6 +110,13 @@ Stats {
#
LogFile on
+ # If you want reliable event reporting over Netlink, set on this
+ # option. If you set on this clause, it is a good idea to set off
+ # NetlinkOverrunResync. This option is off by default and you need
+ # a Linux kernel >= 2.6.31.
+ #
+ # NetlinkEventsReliable Off
+
#
# By default, the daemon receives state updates following an
# event-driven model. You can modify this behaviour by switching to
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index a108569..805a531 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -278,6 +278,13 @@ General {
#
# NetlinkOverrunResync On
+ # If you want reliable event reporting over Netlink, set on this
+ # option. If you set on this clause, it is a good idea to set off
+ # NetlinkOverrunResync. This option is off by default and you need
+ # a Linux kernel >= 2.6.31.
+ #
+ # NetlinkEventsReliable Off
+
#
# By default, the daemon receives state updates following an
# event-driven model. You can modify this behaviour by switching to
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index c1208f9..ceca224 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -287,6 +287,14 @@ General {
#
# NetlinkOverrunResync On
+ #
+ # If you want reliable event reporting over Netlink, set on this
+ # option. If you set on this clause, it is a good idea to set off
+ # NetlinkOverrunResync. This option is off by default and you need
+ # a Linux kernel >= 2.6.31.
+ #
+ # NetlinkEventsReliable Off
+
#
# By default, the daemon receives state updates following an
# event-driven model. You can modify this behaviour by switching to
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index b528fab..1efeb81 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -268,6 +268,13 @@ General {
#
# NetlinkOverrunResync On
+ # If you want reliable event reporting over Netlink, set on this
+ # option. If you set on this clause, it is a good idea to set off
+ # NetlinkOverrunResync. This option is off by default and you need
+ # a Linux kernel >= 2.6.31.
+ #
+ # NetlinkEventsReliable Off
+
#
# By default, the daemon receives state updates following an
# event-driven model. You can modify this behaviour by switching to
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 12fd17f..907ce33 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -96,6 +96,9 @@ struct ct_conf {
int filter_from_kernelspace;
int event_iterations_limit;
struct {
+ int events_reliable;
+ } netlink;
+ struct {
int commit_steps;
} general;
struct {
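Review bot: The new events_reliable field is introduced as a one-member nested struct netlink, while the existing netlink-related settings the other hunks use — `CONFIG(netlink_buffer_size)`, `CONFIG(netlink_buffer_size_max_grown)` and `conf.nl_overrun_resync` — appear to be flat members of ct_conf, so code for the same subsystem now mixes `CONFIG(netlink_buffer_size)` with `CONFIG(netlink).events_reliable`. Either a flat `int netlink_events_reliable;` next to the buffer-size fields, or a comment on the new struct stating that further netlink knobs belong in it, would keep the layout predictable. A one-line comment on the field would also record its effect, e.g. `/* non-zero: set NETLINK_BROADCAST_SEND_ERROR and NETLINK_NO_ENOBUFS on the event socket (kernel >= 2.6.31) */`. struct ct_conf begins and ends outside this hunk.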
diff --git a/src/netlink.c b/src/netlink.c
index 5c07201..a43f782 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -75,6 +75,18 @@ struct nfct_handle *nl_init_event_handler(void)
CONFIG(netlink_buffer_size_max_grown) =
CONFIG(netlink_buffer_size);
+ if (CONFIG(netlink).events_reliable) {
+ int on = 1;
+
+ setsockopt(nfct_fd(h), SOL_NETLINK,
+ NETLINK_BROADCAST_SEND_ERROR, &on, sizeof(int));
+
+ setsockopt(nfct_fd(h), SOL_NETLINK,
+ NETLINK_NO_ENOBUFS, &on, sizeof(int));
+
+ dlog(LOG_NOTICE, "reliable ctnetlink event delivery "
+ "is ENABLED.");
+ }
return h;
}
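Review bot: The two setsockopt() calls in the new block ignore their return values, so on a kernel older than 2.6.31 — the requirement the commit message itself states — both options are unknown, the calls fail, and the daemon nevertheless logs that reliable delivery "is ENABLED". An operator who followed the new conntrackd.conf advice and switched NetlinkOverrunResync off would then run with neither mechanism and nothing in the log to show it. Check the results and downgrade the message to a warning on failure (or refuse to start, since the configuration explicitly asked for reliability), and use `sizeof(on)` rather than `sizeof(int)`; the version below assumes errno and strerror() are already in scope in netlink.c, which the hunk does not show. nl_init_event_handler begins before this hunk.
```c
	if (CONFIG(netlink).events_reliable) {
		int on = 1;

		if (setsockopt(nfct_fd(h), SOL_NETLINK,
			       NETLINK_BROADCAST_SEND_ERROR, &on, sizeof(on)) < 0 ||
		    setsockopt(nfct_fd(h), SOL_NETLINK,
			       NETLINK_NO_ENOBUFS, &on, sizeof(on)) < 0) {
			/* kernel < 2.6.31 or option rejected: say so instead of
			 * claiming reliability the socket does not have */
			dlog(LOG_WARNING, "cannot enable reliable ctnetlink "
					  "event delivery: %s", strerror(errno));
		} else {
			dlog(LOG_NOTICE, "reliable ctnetlink event delivery "
					 "is ENABLED.");
		}
	}
	/* … unchanged: return h; … */
```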
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
index cd03ad4..dad7555 100644
--- a/src/read_config_lex.l
+++ b/src/read_config_lex.l
@@ -134,6 +134,7 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k]
"Scheduler" { return T_SCHEDULER; }
"Type" { return T_TYPE; }
"Priority" { return T_PRIO; }
+"NetlinkEventsReliable" { return T_NETLINK_EVENTS_RELIABLE; }
{is_on} { return T_ON; }
{is_off} { return T_OFF; }
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 0e9b99b..87f99b6 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -71,7 +71,7 @@ static void __max_dedicated_links_reached(void);
%token T_FILTER T_ADDRESS T_PROTOCOL T_STATE T_ACCEPT T_IGNORE
%token T_FROM T_USERSPACE T_KERNELSPACE T_EVENT_ITER_LIMIT T_DEFAULT
%token T_NETLINK_OVERRUN_RESYNC T_NICE T_IPV4_DEST_ADDR T_IPV6_DEST_ADDR
-%token T_SCHEDULER T_TYPE T_PRIO
+%token T_SCHEDULER T_TYPE T_PRIO T_NETLINK_EVENTS_RELIABLE
%token <string> T_IP T_PATH_VAL
%token <val> T_NUMBER
@@ -873,6 +873,7 @@ general_line: hashsize
| poll_secs
| filter
| netlink_overrun_resync
+ | netlink_events_reliable
| nice
| scheduler
;
@@ -902,6 +903,16 @@ netlink_overrun_resync : T_NETLINK_OVERRUN_RESYNC T_NUMBER
conf.nl_overrun_resync = $2;
};
+netlink_events_reliable : T_NETLINK_EVENTS_RELIABLE T_ON
+{
+ conf.netlink.events_reliable = 1;
+};
+
+netlink_events_reliable : T_NETLINK_EVENTS_RELIABLE T_OFF
+{
+ conf.netlink.events_reliable = 0;
+};
+
nice : T_NICE T_SIGNED_NUMBER
{
conf.nice = $2;