summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2009-04-14 10:43:16 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2009-04-14 10:43:16 +0200
commitdfb88dae65fbdc37d72483ddff23171ef4070dae (patch)
tree387294ba81c2847a2f713be54750da20fb5bade2
parent549d78e74c1140b1a4dcd35e44e64d51a3c613e6 (diff)
conntrackd: change scheduler and priority via configuration file
With this patch, you can change the scheduler policy and priority for conntrackd. Using a RT scheduler policy reduces the chances to hit ENOBUFS in Netlink. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--doc/stats/conntrackd.conf11
-rw-r--r--doc/sync/alarm/conntrackd.conf11
-rw-r--r--doc/sync/ftfw/conntrackd.conf11
-rw-r--r--doc/sync/notrack/conntrackd.conf11
-rw-r--r--include/conntrackd.h4
-rw-r--r--src/main.c19
-rw-r--r--src/read_config_lex.l3
-rw-r--r--src/read_config_yy.y30
8 files changed, 99 insertions, 1 deletions
diff --git a/doc/stats/conntrackd.conf b/doc/stats/conntrackd.conf
index 1f1a697..8945293 100644
--- a/doc/stats/conntrackd.conf
+++ b/doc/stats/conntrackd.conf
@@ -10,6 +10,17 @@ General {
#
Nice -1
+ #
+ # Select a different scheduler for the daemon, you can select between
+ # RR and FIFO and the process priority (minimum is 0, maximum is 99).
+ # See man sched_setscheduler(2) for more information. Using a RT
+ # scheduler reduces the chances to overrun the Netlink buffer.
+ #
+ # Scheduler {
+ # Type FIFO
+ # Priority 99
+ # }
+
#
# Number of buckets in the caches: hash table
#
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index ca6e661..793e953 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -197,6 +197,17 @@ General {
Nice -20
#
+ # Select a different scheduler for the daemon, you can select between
+ # RR and FIFO and the process priority (minimum is 0, maximum is 99).
+ # See man sched_setscheduler(2) for more information. Using a RT
+ # scheduler reduces the chances to overrun the Netlink buffer.
+ #
+ # Scheduler {
+ # Type FIFO
+ # Priority 99
+ # }
+
+ #
# Number of buckets in the cache hashtable. The bigger it is,
# the closer it gets to O(1) at the cost of consuming more memory.
# Read some documents about tuning hashtables for further reference.
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 33c6fce..6eb4475 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -206,6 +206,17 @@ General {
Nice -20
#
+ # Select a different scheduler for the daemon, you can select between
+ # RR and FIFO and the process priority (minimum is 0, maximum is 99).
+ # See man sched_setscheduler(2) for more information. Using a RT
+ # scheduler reduces the chances to overrun the Netlink buffer.
+ #
+ # Scheduler {
+ # Type FIFO
+ # Priority 99
+ # }
+
+ #
# Number of buckets in the cache hashtable. The bigger it is,
# the closer it gets to O(1) at the cost of consuming more memory.
# Read some documents about tuning hashtables for further reference.
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 6175284..e2085f7 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -187,6 +187,17 @@ General {
Nice -20
#
+ # Select a different scheduler for the daemon, you can select between
+ # RR and FIFO and the process priority (minimum is 0, maximum is 99).
+ # See man sched_setscheduler(2) for more information. Using a RT
+ # scheduler reduces the chances to overrun the Netlink buffer.
+ #
+ # Scheduler {
+ # Type FIFO
+ # Priority 99
+ # }
+
+ #
# Number of buckets in the cache hashtable. The bigger it is,
# the closer it gets to O(1) at the cost of consuming more memory.
# Read some documents about tuning hashtables for further reference.
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 737c7fd..013ec4f 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -95,6 +95,10 @@ struct ct_conf {
int filter_from_kernelspace;
int event_iterations_limit;
struct {
+ int type;
+ int prio;
+ } sched;
+ struct {
char logfile[FILENAME_MAXLEN];
int syslog_facility;
size_t buffer_size;
diff --git a/src/main.c b/src/main.c
index 62ae599..7507ae5 100644
--- a/src/main.c
+++ b/src/main.c
@@ -26,6 +26,7 @@
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
+#include <sched.h>
#include <limits.h>
struct ct_general_state st;
@@ -296,6 +297,23 @@ int main(int argc, char *argv[])
close(ret);
/*
+ * Setting process priority and scheduler
+ */
+ nice(CONFIG(nice));
+
+ if (CONFIG(sched).type != SCHED_OTHER) {
+ struct sched_param schedparam = {
+ .sched_priority = CONFIG(sched).prio,
+ };
+
+ ret = sched_setscheduler(0, CONFIG(sched).type, &schedparam);
+ if (ret == -1) {
+ perror("sched");
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ /*
* initialization process
*/
@@ -309,7 +327,6 @@ int main(int argc, char *argv[])
chdir("/");
close(STDIN_FILENO);
- nice(CONFIG(nice));
/* Daemonize conntrackd */
if (type == DAEMON) {
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
index 44ccf0b..3d5913e 100644
--- a/src/read_config_lex.l
+++ b/src/read_config_lex.l
@@ -132,6 +132,9 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k]
"PollSecs" { return T_POLL_SECS; }
"NetlinkOverrunResync" { return T_NETLINK_OVERRUN_RESYNC; }
"Nice" { return T_NICE; }
+"Scheduler" { return T_SCHEDULER; }
+"Type" { return T_TYPE; }
+"Priority" { return T_PRIO; }
{is_on} { return T_ON; }
{is_off} { return T_OFF; }
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 152f33e..56fd2f8 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -29,6 +29,7 @@
#include "bitops.h"
#include "cidr.h"
#include <syslog.h>
+#include <sched.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
@@ -70,6 +71,7 @@ static void __max_dedicated_links_reached(void);
%token T_FILTER T_ADDRESS T_PROTOCOL T_STATE T_ACCEPT T_IGNORE
%token T_FROM T_USERSPACE T_KERNELSPACE T_EVENT_ITER_LIMIT T_DEFAULT
%token T_NETLINK_OVERRUN_RESYNC T_NICE T_IPV4_DEST_ADDR T_IPV6_DEST_ADDR
+%token T_SCHEDULER T_TYPE T_PRIO
%token <string> T_IP T_PATH_VAL
%token <val> T_NUMBER
@@ -870,6 +872,7 @@ general_line: hashsize
| filter
| netlink_overrun_resync
| nice
+ | scheduler
;
netlink_buffer_size: T_BUFFER_SIZE T_NUMBER
@@ -902,6 +905,33 @@ nice : T_NICE T_SIGNED_NUMBER
conf.nice = $2;
};
+scheduler : T_SCHEDULER '{' scheduler_options '}';
+
+scheduler_options :
+ | scheduler_options scheduler_line
+ ;
+
+scheduler_line : T_TYPE T_STRING
+{
+ if (strcasecmp($2, "rr") == 0) {
+ conf.sched.type = SCHED_RR;
+ } else if (strcasecmp($2, "fifo") == 0) {
+ conf.sched.type = SCHED_FIFO;
+ } else {
+ print_err(CTD_CFG_ERROR, "unknown scheduler `%s'", $2);
+ exit(EXIT_FAILURE);
+ }
+};
+
+scheduler_line : T_PRIO T_NUMBER
+{
+ conf.sched.prio = $2;
+ if (conf.sched.prio < 0 || conf.sched.prio > 99) {
+ print_err(CTD_CFG_ERROR, "`Priority' must be [0, 99]\n", $2);
+ exit(EXIT_FAILURE);
+ }
+};
+
family : T_FAMILY T_STRING
{
if (strncmp($2, "IPv6", strlen("IPv6")) == 0)