From dfb88dae65fbdc37d72483ddff23171ef4070dae Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 14 Apr 2009 10:43:16 +0200
Subject: conntrackd: change scheduler and priority via configuration file

With this patch, you can change the scheduler policy and priority
for conntrackd. Using a RT scheduler policy reduces the chances to
hit ENOBUFS in Netlink.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 doc/stats/conntrackd.conf        | 11 +++++++++++
 doc/sync/alarm/conntrackd.conf   | 11 +++++++++++
 doc/sync/ftfw/conntrackd.conf    | 11 +++++++++++
 doc/sync/notrack/conntrackd.conf | 11 +++++++++++
 include/conntrackd.h             |  4 ++++
 src/main.c                       | 19 ++++++++++++++++++-
 src/read_config_lex.l            |  3 +++
 src/read_config_yy.y             | 30 ++++++++++++++++++++++++++++++
 8 files changed, 99 insertions(+), 1 deletion(-)

diff --git a/doc/stats/conntrackd.conf b/doc/stats/conntrackd.conf
index 1f1a697..8945293 100644
--- a/doc/stats/conntrackd.conf
+++ b/doc/stats/conntrackd.conf
@@ -10,6 +10,17 @@ General {
 	#
 	Nice -1
 
+	# 
+	# Select a different scheduler for the daemon, you can select between
+	# RR and FIFO and the process priority (minimum is 0, maximum is 99).
+	# See man sched_setscheduler(2) for more information. Using a RT
+	# scheduler reduces the chances to overrun the Netlink buffer.
+	#
+	# Scheduler {
+	# 	Type FIFO
+	# 	Priority 99
+	# }
+
 	#
 	# Number of buckets in the caches: hash table
 	#
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index ca6e661..793e953 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -196,6 +196,17 @@ General {
 	#
 	Nice -20
 
+	#
+	# Select a different scheduler for the daemon, you can select between
+	# RR and FIFO and the process priority (minimum is 0, maximum is 99).
+	# See man sched_setscheduler(2) for more information. Using a RT
+	# scheduler reduces the chances to overrun the Netlink buffer.
+	#
+	# Scheduler {
+	#	Type FIFO
+	#	Priority 99
+	# }
+
 	#
 	# Number of buckets in the cache hashtable. The bigger it is,
 	# the closer it gets to O(1) at the cost of consuming more memory.
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index 33c6fce..6eb4475 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -205,6 +205,17 @@ General {
 	#
 	Nice -20
 
+	#
+	# Select a different scheduler for the daemon, you can select between
+	# RR and FIFO and the process priority (minimum is 0, maximum is 99).
+	# See man sched_setscheduler(2) for more information. Using a RT
+	# scheduler reduces the chances to overrun the Netlink buffer.
+	#
+	# Scheduler {
+	#	Type FIFO
+	#	Priority 99
+	# }
+
 	#
 	# Number of buckets in the cache hashtable. The bigger it is,
 	# the closer it gets to O(1) at the cost of consuming more memory.
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 6175284..e2085f7 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -186,6 +186,17 @@ General {
 	#
 	Nice -20
 
+	#
+	# Select a different scheduler for the daemon, you can select between
+	# RR and FIFO and the process priority (minimum is 0, maximum is 99).
+	# See man sched_setscheduler(2) for more information. Using a RT
+	# scheduler reduces the chances to overrun the Netlink buffer.
+	#
+	# Scheduler {
+	#	Type FIFO
+	#	Priority 99
+	# }
+
 	#
 	# Number of buckets in the cache hashtable. The bigger it is,
 	# the closer it gets to O(1) at the cost of consuming more memory.
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 737c7fd..013ec4f 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -94,6 +94,10 @@ struct ct_conf {
 	int cache_write_through;
 	int filter_from_kernelspace;
 	int event_iterations_limit;
+	struct {
+		int type;
+		int prio;
+	} sched;
 	struct {
 		char logfile[FILENAME_MAXLEN];
 		int syslog_facility;
diff --git a/src/main.c b/src/main.c
index 62ae599..7507ae5 100644
--- a/src/main.c
+++ b/src/main.c
@@ -26,6 +26,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <sched.h>
 #include <limits.h>
 
 struct ct_general_state st;
@@ -295,6 +296,23 @@ int main(int argc, char *argv[])
 	}
 	close(ret);
 
+	/*
+	 * Setting process priority and scheduler
+	 */
+	nice(CONFIG(nice));
+
+	if (CONFIG(sched).type != SCHED_OTHER) {
+		struct sched_param schedparam = {
+			.sched_priority = CONFIG(sched).prio,
+		};
+
+		ret = sched_setscheduler(0, CONFIG(sched).type, &schedparam);
+		if (ret == -1) {
+			perror("sched");
+			exit(EXIT_FAILURE);
+		}
+	}
+
 	/*
 	 * initialization process
 	 */
@@ -309,7 +327,6 @@ int main(int argc, char *argv[])
 
 	chdir("/");
 	close(STDIN_FILENO);
-	nice(CONFIG(nice));
 
 	/* Daemonize conntrackd */
 	if (type == DAEMON) {
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
index 44ccf0b..3d5913e 100644
--- a/src/read_config_lex.l
+++ b/src/read_config_lex.l
@@ -132,6 +132,9 @@ notrack		[N|n][O|o][T|t][R|r][A|a][C|c][K|k]
 "PollSecs"			{ return T_POLL_SECS; }
 "NetlinkOverrunResync"		{ return T_NETLINK_OVERRUN_RESYNC; }
 "Nice"				{ return T_NICE; }
+"Scheduler"			{ return T_SCHEDULER; }
+"Type"				{ return T_TYPE; }
+"Priority"			{ return T_PRIO; }
 
 {is_on}			{ return T_ON; }
 {is_off}		{ return T_OFF; }
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 152f33e..56fd2f8 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -29,6 +29,7 @@
 #include "bitops.h"
 #include "cidr.h"
 #include <syslog.h>
+#include <sched.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
 
@@ -70,6 +71,7 @@ static void __max_dedicated_links_reached(void);
 %token T_FILTER T_ADDRESS T_PROTOCOL T_STATE T_ACCEPT T_IGNORE
 %token T_FROM T_USERSPACE T_KERNELSPACE T_EVENT_ITER_LIMIT T_DEFAULT
 %token T_NETLINK_OVERRUN_RESYNC T_NICE T_IPV4_DEST_ADDR T_IPV6_DEST_ADDR
+%token T_SCHEDULER T_TYPE T_PRIO
 
 %token <string> T_IP T_PATH_VAL
 %token <val> T_NUMBER
@@ -870,6 +872,7 @@ general_line: hashsize
 	    | filter
 	    | netlink_overrun_resync
 	    | nice
+	    | scheduler
 	    ;
 
 netlink_buffer_size: T_BUFFER_SIZE T_NUMBER
@@ -902,6 +905,33 @@ nice : T_NICE T_SIGNED_NUMBER
 	conf.nice = $2;
 };
 
+scheduler : T_SCHEDULER '{' scheduler_options '}';
+
+scheduler_options :
+		  | scheduler_options scheduler_line
+		  ;
+
+scheduler_line : T_TYPE T_STRING
+{
+	if (strcasecmp($2, "rr") == 0) {
+		conf.sched.type = SCHED_RR;
+	} else if (strcasecmp($2, "fifo") == 0) {
+		conf.sched.type = SCHED_FIFO;
+	} else {
+		print_err(CTD_CFG_ERROR, "unknown scheduler `%s'", $2);
+		exit(EXIT_FAILURE);
+	}
+};
+
+scheduler_line : T_PRIO T_NUMBER
+{
+	conf.sched.prio = $2;
+	if (conf.sched.prio < 0 || conf.sched.prio > 99) {
+		print_err(CTD_CFG_ERROR, "`Priority' must be [0, 99]\n", $2);
+		exit(EXIT_FAILURE);
+	}
+};
+
 family : T_FAMILY T_STRING
 {
 	if (strncmp($2, "IPv6", strlen("IPv6")) == 0)
-- 
cgit v1.2.3