Diffstat (limited to 'src')
-rw-r--r--src/read_config_lex.l1
-rw-r--r--src/read_config_yy.y11
-rw-r--r--src/run.c11
3 files changed, 19 insertions, 4 deletions
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
index 67c95d3..f8b0ba1 100644
--- a/src/read_config_lex.l
+++ b/src/read_config_lex.l
@@ -117,6 +117,7 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k]
"From" { return T_FROM; }
"Userspace" { return T_USERSPACE; }
"Kernelspace" { return T_KERNELSPACE; }
+"EventIterationLimit" { return T_EVENT_ITER_LIMIT; }
{is_on} { return T_ON; }
{is_off} { return T_OFF; }
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 69a7eff..274bfc3 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -59,7 +59,7 @@ static void __kernel_filter_add_state(int value);
%token T_SYSLOG T_WRITE_THROUGH T_STAT_BUFFER_SIZE T_DESTROY_TIMEOUT
%token T_MCAST_RCVBUFF T_MCAST_SNDBUFF T_NOTRACK
%token T_FILTER T_ADDRESS T_PROTOCOL T_STATE T_ACCEPT T_IGNORE
-%token T_FROM T_USERSPACE T_KERNELSPACE
+%token T_FROM T_USERSPACE T_KERNELSPACE T_EVENT_ITER_LIMIT
%token <string> T_IP T_PATH_VAL
%token <val> T_NUMBER
@@ -681,6 +681,7 @@ general_line: hashsize
| netlink_buffer_size
| netlink_buffer_size_max_grown
| family
+ | event_iterations_limit
| filter
;
@@ -702,6 +703,11 @@ family : T_FAMILY T_STRING
conf.family = AF_INET;
};
+event_iterations_limit : T_EVENT_ITER_LIMIT T_NUMBER
+{
+ CONFIG(event_iterations_limit) = $2;
+};
+
filter : T_FILTER '{' filter_list '}'
{
CONFIG(filter_from_kernelspace) = 0;
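Review bot: The new `event_iterations_limit` rule stores `$2` into `CONFIG(event_iterations_limit)` without any range check. Zero is replaced by 100 later in `init_config`, but if `T_NUMBER` can carry a negative value (the lexer pattern is not visible here) the `<= 0` test in `event_handler` would fire on every event, and a very large value effectively removes the per-wakeup bound, which appears to be the point of this option when conntrack events arrive in bursts. I would accept only a positive value, e.g. `if ($2 > 0) CONFIG(event_iterations_limit) = $2;`, warn on anything else, and document the largest value the daemon is expected to tolerate. The `filter` rule that follows continues outside the hunk.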
@@ -1096,5 +1102,8 @@ init_config(char *filename)
if (conf.flags & CTD_SYNC_FTFW && CONFIG(del_timeout) == 0)
CONFIG(del_timeout) = 240;
+ if (CONFIG(event_iterations_limit) == 0)
+ CONFIG(event_iterations_limit) = 100;
+
return 0;
}
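Review bot: The fallback added to `init_config` treats `0` as "not configured", so an explicit `EventIterationLimit 0` is silently turned into 100, and the literal carries no name or explanation. A comment such as `/* 0 = unset: default to 100 events per event_handler batch */` would record that choice, and a named constant shared with the documentation would keep the default in one place. `init_config` begins outside the hunk.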
diff --git a/src/run.c b/src/run.c
index 7958665..caf0b38 100644
--- a/src/run.c
+++ b/src/run.c
@@ -219,7 +219,7 @@ static int event_handler(enum nf_conntrack_msg_type type,
/* skip user-space filtering if already do it in the kernel */
if (ct_filter_conntrack(ct, !CONFIG(filter_from_kernelspace))) {
STATE(stats).nl_events_filtered++;
- return NFCT_CB_STOP;
+ goto out;
}
switch(type) {
@@ -238,7 +238,12 @@ static int event_handler(enum nf_conntrack_msg_type type,
break;
}
- return NFCT_CB_CONTINUE;
+out:
+ if (STATE(event_iterations_limit)-- <= 0) {
+ STATE(event_iterations_limit) = CONFIG(event_iterations_limit);
+ return NFCT_CB_STOP;
+ } else
+ return NFCT_CB_CONTINUE;
}
static int dump_handler(enum nf_conntrack_msg_type type,
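Review bot: The post-decrement in `if (STATE(event_iterations_limit)-- <= 0)` lets one more callback through than the configured value: starting from N, the test only becomes true on the (N+1)-th event. If `EventIterationLimit` is meant as an exact cap, `if (--STATE(event_iterations_limit) <= 0)` stops after N. The initial value of `STATE(event_iterations_limit)` is not set anywhere in this diff (the diffstat is limited to `src`); if it starts at zero, the first event after start-up returns `NFCT_CB_STOP` straight away, which looks harmless but deserves a one-line comment at `out:`. Filtered events now also reach `out:` through the `goto out` in the previous hunk and count against the limit, and `event_handler` itself starts outside the hunk.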
@@ -397,7 +402,7 @@ static void __run(struct timeval *next_alarm)
/* conntrack event has happened */
if (FD_ISSET(nfct_fd(STATE(event)), &readfds)) {
- while ((ret = nfct_catch(STATE(event))) != -1);
+ ret = nfct_catch(STATE(event));
if (ret == -1) {
switch(errno) {
case ENOBUFS: