path: root/src/cthelper.c
diff options
authorPablo Neira Ayuso <>2012-09-10 13:17:24 +0200
committerPablo Neira Ayuso <>2012-09-10 13:24:59 +0200
commitfebb3cceac1889fb6558b8ef40ac733072fdcd47 (patch)
tree30c4174e6ff8a83826d17928d0c9409d41dd4859 /src/cthelper.c
parent46faeab56cf4117f41cb6f1f1c40a9c18a81372f (diff)
conntrackd: cthelper: add QueueLen option
This patch adds the QueueLen option, that allows you to increase the maximum number of packets waiting in the nfnetlink_queue to receive a verdict from userspace. Rising the default value (1024) is useful to avoid hitting the following error message: "nf_queue: full at X entries, dropping packets(s)". Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'src/cthelper.c')
1 files changed, 4 insertions, 2 deletions
diff --git a/src/cthelper.c b/src/cthelper.c
index c119869..307be96 100644
--- a/src/cthelper.c
+++ b/src/cthelper.c
@@ -353,8 +353,9 @@ static int cthelper_setup(struct ctd_helper_instance *cur)
nfct_helper_attr_set_u32(t, NFCTH_ATTR_STATUS,
- dlog(LOG_NOTICE, "configuring helper `%s' with queuenum=%d",
- cur->helper->name, cur->queue_num);
+ dlog(LOG_NOTICE, "configuring helper `%s' with queuenum=%d and "
+ "queuelen=%d", cur->helper->name, cur->queue_num,
+ cur->queue_len);
for (j=0; j<CTD_HELPER_POLICY_MAX; j++) {
struct nfct_helper_policy *p;
@@ -433,6 +434,7 @@ static int cthelper_nfqueue_setup(struct ctd_helper_instance *cur)
nfq_nlmsg_cfg_put_params(nlh, NFQNL_COPY_PACKET, 0xffff);
mnl_attr_put_u32(nlh, NFQA_CFG_FLAGS, htonl(NFQA_CFG_F_CONNTRACK));
mnl_attr_put_u32(nlh, NFQA_CFG_MASK, htonl(0xffffffff));
+ mnl_attr_put_u32(nlh, NFQA_CFG_QUEUE_MAXLEN, htonl(cur->queue_len));
if (mnl_socket_sendto(STATE_CTH(nl), nlh, nlh->nlmsg_len) < 0) {
dlog(LOG_ERR, "failed to send configuration");