summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--input/packet/ulogd_inppkt_NFLOG.c66
-rw-r--r--ulogd.conf.in2
2 files changed, 62 insertions, 6 deletions
diff --git a/input/packet/ulogd_inppkt_NFLOG.c b/input/packet/ulogd_inppkt_NFLOG.c
index bb69bb6..9918fae 100644
--- a/input/packet/ulogd_inppkt_NFLOG.c
+++ b/input/packet/ulogd_inppkt_NFLOG.c
@@ -6,8 +6,10 @@
#include <unistd.h>
#include <stdlib.h>
#include <netinet/in.h>
+#include <errno.h>
#include <ulogd/ulogd.h>
+#include <libnfnetlink/libnfnetlink.h>
#include <libnetfilter_log/libnetfilter_log.h>
#ifndef NFLOG_GROUP_DEFAULT
@@ -29,12 +31,13 @@ struct nflog_input {
struct nflog_g_handle *nful_gh;
unsigned char *nfulog_buf;
struct ulogd_fd nful_fd;
+ int nlbufsiz;
};
/* configuration entries */
static struct config_keyset libulog_kset = {
- .num_ces = 8,
+ .num_ces = 10,
.ces = {
{
.key = "bufsize",
@@ -84,7 +87,18 @@ static struct config_keyset libulog_kset = {
.options = CONFIG_OPT_NONE,
.u.value = 0,
},
-
+ {
+ .key = "netlink_socket_buffer_size",
+ .type = CONFIG_TYPE_INT,
+ .options = CONFIG_OPT_NONE,
+ .u.value = 0,
+ },
+ {
+ .key = "netlink_socket_buffer_maxsize",
+ .type = CONFIG_TYPE_INT,
+ .options = CONFIG_OPT_NONE,
+ .u.value = 0,
+ },
}
};
@@ -96,6 +110,8 @@ static struct config_keyset libulog_kset = {
#define seq_ce(x) (x->ces[5])
#define seq_global_ce(x) (x->ces[6])
#define label_ce(x) (x->ces[7])
+#define nlsockbufsize_ce(x) (x->ces[8])
+#define nlsockbufmaxsize_ce(x) (x->ces[9])
enum nflog_keys {
NFLOG_KEY_RAW_MAC = 0,
@@ -371,6 +387,23 @@ interp_packet(struct ulogd_pluginstance *upi, struct nflog_data *ldata)
return 0;
}
+static int setnlbufsiz(struct ulogd_pluginstance *upi, int size)
+{
+ struct nflog_input *ui = (struct nflog_input *)upi->private;
+
+ if (size < nlsockbufmaxsize_ce(upi->config_kset).u.value) {
+ ui->nlbufsiz = nfnl_rcvbufsiz(nflog_nfnlh(ui->nful_h), size);
+ return 1;
+ }
+
+ ulogd_log(ULOGD_NOTICE, "Maximum buffer size (%d) in NFLOG has been "
+ "reached. Please, consider rising "
+ "`netlink_socket_buffer_size` and "
+ "`netlink_socket_buffer_maxsize` "
+ "clauses.\n", ui->nlbufsiz);
+ return 0;
+}
+
/* callback called from ulogd core when fd is readable */
static int nful_read_cb(int fd, unsigned int what, void *param)
{
@@ -385,8 +418,26 @@ static int nful_read_cb(int fd, unsigned int what, void *param)
* grab all the processing time just for us. there might be other
* sockets that have pending work */
len = recv(fd, ui->nfulog_buf, bufsiz_ce(upi->config_kset).u.value, 0);
- if (len < 0)
+ if (len < 0) {
+ if (errno == ENOBUFS) {
+ if (nlsockbufmaxsize_ce(upi->config_kset).u.value) {
+ int s = ui->nlbufsiz * 2;
+ if (setnlbufsiz(upi, s)) {
+ ulogd_log(ULOGD_NOTICE,
+ "We are losing events, "
+ "increasing buffer size "
+ "to %d\n", ui->nlbufsiz);
+ }
+ } else {
+ ulogd_log(ULOGD_NOTICE,
+ "We are losing events. Please, "
+ "consider using the clauses "
+ "`netlink_socket_buffer_size' and "
+ "`netlink_socket_buffer_maxsize\n'");
+ }
+ }
return len;
+ }
nflog_handle_packet(ui->nful_h, (char *)ui->nfulog_buf, len);
@@ -468,9 +519,12 @@ static int start(struct ulogd_pluginstance *upi)
nflog_set_mode(ui->nful_gh, NFULNL_COPY_PACKET, 0xffff);
- //nflog_set_nlbufsiz(&ui->nful_gh, );
- //nfnl_set_rcvbuf();
-
+ if (nlsockbufsize_ce(upi->config_kset).u.value) {
+ setnlbufsiz(upi, nlsockbufsize_ce(upi->config_kset).u.value);
+ ulogd_log(ULOGD_NOTICE, "NFLOG netlink buffer size has been "
+ "set to %d\n", ui->nlbufsiz);
+ }
+
/* set log flags based on configuration */
flags = 0;
if (seq_ce(upi->config_kset).u.value != 0)
diff --git a/ulogd.conf.in b/ulogd.conf.in
index a63026a..be5e585 100644
--- a/ulogd.conf.in
+++ b/ulogd.conf.in
@@ -94,6 +94,8 @@ plugin="@libdir@/ulogd/ulogd_raw2packet_BASE.so"
[log1]
# netlink multicast group (the same as the iptables --nflog-group param)
group=0
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
# IPv6 logging through NFLOG
[log2]