-rw-r--r-- | input/flow/ulogd_inpflow_NFCT.c | 19 | ||||
-rw-r--r-- | ulogd.conf.in | 1 |
2 files changed, 19 insertions, 1 deletions
diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index 31535a9..b45a435 100644
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -72,7 +72,7 @@ struct nfct_pluginstance {
 #define EVENT_MASK NF_NETLINK_CONNTRACK_NEW | NF_NETLINK_CONNTRACK_DESTROY
 static struct config_keyset nfct_kset = {
- .num_ces = 8,
+ .num_ces = 9,
 .ces = {
 {
 .key = "pollinterval",
@@ -122,6 +122,12 @@ static struct config_keyset nfct_kset = {
 .options = CONFIG_OPT_NONE,
 .u.value = 60,
 },
+ {
+ .key = "reliable",
+ .type = CONFIG_TYPE_INT,
+ .options = CONFIG_OPT_NONE,
+ .u.value = 0,
+ },
 },
 };
 #define pollint_ce(x) (x->ces[0])
@@ -132,6 +138,7 @@ static struct config_keyset nfct_kset = {
 #define nlsockbufsize_ce(x) (x->ces[5])
 #define nlsockbufmaxsize_ce(x) (x->ces[6])
 #define nlresynctimeout_ce(x) (x->ces[7])
+#define reliable_ce(x) (x->ces[8])
 enum nfct_keys {
 NFCT_ORIG_IP_SADDR = 0,
@@ -1019,6 +1026,16 @@ static int constructor_nfct_events(struct ulogd_pluginstance *upi)
 "set to %d\n", cpi->nlbufsiz);
 }
+ if (reliable_ce(upi->config_kset).u.value != 0) {
+ int on = 1;
+
+ setsockopt(nfct_fd(cpi->cth), SOL_NETLINK,
+ NETLINK_BROADCAST_SEND_ERROR, &on, sizeof(int));
+ setsockopt(nfct_fd(cpi->cth), SOL_NETLINK,
+ NETLINK_NO_ENOBUFS, &on, sizeof(int));
+ ulogd_log(ULOGD_NOTICE, "NFCT reliable logging "
+ "has been enabled.");
+ }
 cpi->nfct_fd.fd = nfct_fd(cpi->cth);
 cpi->nfct_fd.cb = &read_cb_nfct;
 cpi->nfct_fd.data = cpi;
diff --git a/ulogd.conf.in b/ulogd.conf.in
index b33e69c..cf6987b 100644
--- a/ulogd.conf.in
+++ b/ulogd.conf.in
@@ -122,6 +122,7 @@ plugin="@pkglibexecdir@/ulogd_inpflow_NFACCT.so"
 [ct2]
 #netlink_socket_buffer_size=217088
 #netlink_socket_buffer_maxsize=1085440
+#reliable=1 # enable reliable flow-based logging (may drop packets)
 hash_enable=0 # Logging of system packet through NFLOG |
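Review bot: `.num_ces = 9` in this hunk and `#define reliable_ce(x) (x->ces[8])` in the third hunk are hand-maintained positional values that must both agree with the order of the initialisers in `nfct_kset.ces`, and nothing in the visible code checks that. A miscount would make `reliable_ce` read another option's value, silently switching reliable mode on or off. A comment above the accessor macros such as `/* indexes follow the order of nfct_kset.ces[]; keep .num_ces in sync */` would make the coupling explicit.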
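Review bot: The new `reliable` entry is declared `CONFIG_TYPE_INT` but is only ever tested against zero in the constructor hunk, and nothing next to it says what a non-zero value does. A short comment on the entry, e.g. `/* non-zero: set NETLINK_BROADCAST_SEND_ERROR and NETLINK_NO_ENOBUFS on the event socket */`, would document the flag where maintainers look first. The initialiser of `nfct_kset` starts and ends outside this hunk.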
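Review bot: Both `setsockopt()` calls in the added `if (reliable_ce(...))` block discard their return value, so the NOTICE "NFCT reliable logging has been enabled." is printed even when the kernel refused one of the options. For a flow-logging source that is the wrong failure mode: the operator believes conntrack events cannot be lost while the socket is still in its default lossy mode. Check both calls, log the error, and take the constructor's existing error path (it lies outside this hunk, so the fence leaves it as a comment and assumes `errno`/`strerror` are already in scope); the message also lacks the trailing `\n` that the neighbouring `"set to %d\n"` call has. Presumably `NETLINK_NO_ENOBUFS` also silences whatever ENOBUFS handling the read callback has, which is worth confirming outside this hunk.

```c
	if (reliable_ce(upi->config_kset).u.value != 0) {
		int on = 1;

		if (setsockopt(nfct_fd(cpi->cth), SOL_NETLINK,
			       NETLINK_BROADCAST_SEND_ERROR,
			       &on, sizeof(on)) < 0 ||
		    setsockopt(nfct_fd(cpi->cth), SOL_NETLINK,
			       NETLINK_NO_ENOBUFS,
			       &on, sizeof(on)) < 0) {
			ulogd_log(ULOGD_ERROR, "NFCT reliable logging "
				  "could not be enabled: %s\n",
				  strerror(errno));
			/* … fail through the constructor's existing error path … */
		} else {
			ulogd_log(ULOGD_NOTICE, "NFCT reliable logging "
				  "has been enabled.\n");
		}
	}
	/* … unchanged: cpi->nfct_fd setup … */
```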
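Review bot: The trailing comment on the added `#reliable=1` line, "(may drop packets)", does not say who drops what, and that is the one thing an operator must know before enabling it. Judging by the socket options the C side sets, the trade appears to be that the kernel prefers dropping traffic of tracked connections over losing a conntrack event when ulogd falls behind; confirm that against the kernel behaviour before wording it. Something like `#reliable=1 # never lose flow events; the kernel may drop network packets instead when ulogd cannot keep up` would make the availability cost explicit.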