summaryrefslogtreecommitdiffstats
path: root/src/netlink.c
diff options
context:
space:
mode:
author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2007-05-20 21:13:06 +0000
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>2007-05-20 21:13:06 +0000
commit9f1b4b2d028129966f7e6f23cec6ac0712c2b1b6 (patch)
treed635d4e4ad7dac6918470676bf222f27d21f192e /src/netlink.c
parent2932c6b8e6952ae84b221b854b43810c61e5c8fa (diff)
- introduce cache_iterate
- empty debug_ct function if DEBUG_CT is not set - revisit overrun handler: this is a hard battle, just try to do our best here, call Patrick :) - explicit warning message when netlink_buffer_max_growth is reached - fix silly bug in stats-mode when dumping in XML format - fix UDP handler for conntrack
Diffstat (limited to 'src/netlink.c')
-rw-r--r--src/netlink.c73
1 files changed, 10 insertions, 63 deletions
diff --git a/src/netlink.c b/src/netlink.c
index 0bde632..94200b9 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -207,66 +207,6 @@ int nl_init_dump_handler(void)
return 0;
}
-static int nl_overrun_handler(struct nlmsghdr *nlh,
- struct nfattr *nfa[],
- void *data)
-{
- char buf[1024];
- struct nf_conntrack *ct = (struct nf_conntrack *) buf;
- int type;
-
- memset(buf, 0, sizeof(buf));
-
- if ((type = nfct_parse_conntrack(NFCT_T_ALL, nlh, ct)) == NFCT_T_ERROR)
- return NFCT_CB_CONTINUE;
-
- /*
- * Ignore this conntrack: it talks about a
- * connection that is not interesting for us.
- */
- if (ignore_conntrack(ct))
- return NFCT_CB_CONTINUE;
-
- switch(type) {
- case NFCT_T_UPDATE:
- if (STATE(mode)->overrun)
- STATE(mode)->overrun(ct, nlh);
- break;
- default:
- dlog(STATE(log), "received unknown msg from ctnetlink");
- break;
- }
- return NFCT_CB_CONTINUE;
-}
-
-int nl_init_overrun_handler(void)
-{
- struct nfnl_callback cb_sync = {
- .call = nl_overrun_handler,
- .attr_count = CTA_MAX
- };
-
- /* open sync netlink socket */
- STATE(sync) = nfnl_open();
- if (!STATE(sync))
- return -1;
-
- /* open synchronizer subsystem */
- STATE(subsys_sync) = nfnl_subsys_open(STATE(sync),
- NFNL_SUBSYS_CTNETLINK,
- IPCTNL_MSG_MAX,
- 0);
- if (STATE(subsys_sync) == NULL)
- return -1;
-
- /* register callback for dumped entries */
- nfnl_callback_register(STATE(subsys_sync),
- IPCTNL_MSG_CT_NEW,
- &cb_sync);
-
- return 0;
-}
-
static int warned = 0;
void nl_resize_socket_buffer(struct nfnl_handle *h)
@@ -278,7 +218,14 @@ void nl_resize_socket_buffer(struct nfnl_handle *h)
return;
if (s > CONFIG(netlink_buffer_size_max_grown)) {
- dlog(STATE(log), "maximum netlink socket buffer size reached");
+ dlog(STATE(log), "WARNING: maximum netlink socket buffer "
+ "size has been reached. We are likely to "
+ "be losing events, this may lead to "
+ "unsynchronized replicas. Please, consider "
+ "increasing netlink socket buffer size via "
+ "SocketBufferSize and "
+ "SocketBufferSizeMaxGrown clauses in "
+ "conntrackd.conf");
s = CONFIG(netlink_buffer_size_max_grown);
warned = 1;
}
@@ -313,13 +260,13 @@ int nl_flush_master_conntrack_table(void)
struct nfnlhdr req;
memset(&req, 0, sizeof(req));
- nfct_build_query(STATE(subsys_sync),
+ nfct_build_query(STATE(subsys_dump),
NFCT_Q_FLUSH,
&CONFIG(family),
&req,
sizeof(req));
- if (nfnl_query(STATE(sync), &req.nlh) == -1)
+ if (nfnl_query(STATE(dump), &req.nlh) == -1)
return -1;
return 0;