diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-07-22 19:36:26 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-07-22 19:36:26 +0200 |
| commit | de30adc389621c49e7b77bfdf550d0b1c0804448 (patch) | |
| tree | b6ff4842b8ec0fe4015fa54b8c538705714b78c6 | |
| parent | e664524e05ad555cfb0e7851a7cfeb573fcc27b5 (diff) | |
NFCT: improve netlink overrun handling
With this patch, we schedule one resynchronization against the
kernel conntrack table that will occur in two seconds (still
we need a patch to make this configurable). Before this, we
scheduled a resynchronization for every overrun, that is very
bad in a scenario in which overruns occurs very frequently.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | input/flow/ulogd_inpflow_NFCT.c | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c index b16687e..deaf887 100644 --- a/input/flow/ulogd_inpflow_NFCT.c +++ b/input/flow/ulogd_inpflow_NFCT.c @@ -669,8 +669,6 @@ static int read_cb_nfct(int fd, unsigned int what, void *param) if (nfct_catch(cpi->cth) == -1) { if (errno == ENOBUFS) { - int family = AF_UNSPEC; - if (nlsockbufmaxsize_ce(upi->config_kset).u.value) { int s = cpi->nlbufsiz * 2; if (setnlbufsiz(upi, s)) { @@ -689,9 +687,14 @@ static int read_cb_nfct(int fd, unsigned int what, void *param) /* internal hash can deal with refresh */ if (usehash_ce(upi->config_kset).u.value != 0) { - nfct_send(cpi->ovh, NFCT_Q_DUMP, &family); - /* TODO: configurable retry timer */ - ulogd_add_timer(&cpi->ov_timer, 2); + /* TODO: schedule a resynchronization in + * two seconds, this parameter should be + * configurable via config. Note that we + * don't re-schedule a resync if it's + * already in progress. */ + if (!ulogd_timer_pending(&cpi->ov_timer)) { + ulogd_add_timer(&cpi->ov_timer, 2); + } } } } @@ -764,11 +767,10 @@ static int read_cb_ovh(int fd, unsigned int what, void *param) if (nfct_catch(cpi->ovh) == -1) { /* enobufs in the overrun buffer? very rare */ if (errno == ENOBUFS) { - int family = AF_UNSPEC; - - nfct_send(cpi->ovh, NFCT_Q_DUMP, &family); - /* TODO: configurable retry timer */ - ulogd_add_timer(&cpi->ov_timer, 2); + /* TODO: configurable resync timer */ + if (!ulogd_timer_pending(&cpi->ov_timer)) { + ulogd_add_timer(&cpi->ov_timer, 2); + } } } @@ -824,8 +826,6 @@ static void overrun_timeout(struct ulogd_timer *a, void *data) (struct nfct_pluginstance *)upi->private; nfct_send(cpi->ovh, NFCT_Q_DUMP, &family); - /* TODO: configurable retry timer */ - ulogd_add_timer(&cpi->ov_timer, 2); } static int constructor_nfct(struct ulogd_pluginstance *upi) |