From 8f80ed06233bac73891f6cf9d94f1d6d95d2bd40 Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Wed, 28 Jan 2009 00:16:39 +0100 Subject: Add threshold and timeout option to NFLOG plugin. This patch adds support for setting NFLOG threshold and timeout from ulogd. --- input/packet/ulogd_inppkt_NFLOG.c | 46 ++++++++++++++++++++++++++++++++++++++- ulogd.conf.in | 4 ++++ 2 files changed, 49 insertions(+), 1 deletion(-) diff --git a/input/packet/ulogd_inppkt_NFLOG.c b/input/packet/ulogd_inppkt_NFLOG.c index 36f11d7..4cfcf11 100644 --- a/input/packet/ulogd_inppkt_NFLOG.c +++ b/input/packet/ulogd_inppkt_NFLOG.c @@ -31,7 +31,7 @@ struct nflog_input { /* configuration entries */ static struct config_keyset libulog_kset = { - .num_ces = 9, + .num_ces = 11, .ces = { { .key = "bufsize", @@ -88,6 +88,18 @@ static struct config_keyset libulog_kset = { .options = CONFIG_OPT_NONE, .u.value = 0, }, + { + .key = "netlink_qthreshold", + .type = CONFIG_TYPE_INT, + .options = CONFIG_OPT_NONE, + .u.value = 0, + }, + { + .key = "netlink_qtimeout", + .type = CONFIG_TYPE_INT, + .options = CONFIG_OPT_NONE, + .u.value = 0, + }, } }; @@ -100,6 +112,8 @@ static struct config_keyset libulog_kset = { #define label_ce(x) (x->ces[6]) #define nlsockbufsize_ce(x) (x->ces[7]) #define nlsockbufmaxsize_ce(x) (x->ces[8]) +#define nlthreshold_ce(x) (x->ces[9]) +#define nltimeout_ce(x) (x->ces[10]) enum nflog_keys { NFLOG_KEY_RAW_MAC = 0, @@ -533,6 +547,36 @@ static int start(struct ulogd_pluginstance *upi) "set to %d\n", ui->nlbufsiz); } + if (nlthreshold_ce(upi->config_kset).u.value) { + if (nflog_set_qthresh(ui->nful_gh, + nlthreshold_ce(upi->config_kset).u.value) + >= 0) + ulogd_log(ULOGD_NOTICE, + "NFLOG netlink queue threshold has " + "been set to %d\n", + nlthreshold_ce(upi->config_kset).u.value); + else + ulogd_log(ULOGD_NOTICE, + "NFLOG netlink queue threshold can't " + "be set to %d\n", + nlthreshold_ce(upi->config_kset).u.value); + } + + if (nltimeout_ce(upi->config_kset).u.value) { + if (nflog_set_timeout(ui->nful_gh, + nltimeout_ce(upi->config_kset).u.value) + >= 0) + ulogd_log(ULOGD_NOTICE, + "NFLOG netlink queue timeout has " + "been set to %d\n", + nltimeout_ce(upi->config_kset).u.value); + else + ulogd_log(ULOGD_NOTICE, + "NFLOG netlink queue timeout can't " + "be set to %d\n", + nltimeout_ce(upi->config_kset).u.value); + } + /* set log flags based on configuration */ flags = 0; if (seq_ce(upi->config_kset).u.value != 0) diff --git a/ulogd.conf.in b/ulogd.conf.in index 3bb0ee8..27c7add 100644 --- a/ulogd.conf.in +++ b/ulogd.conf.in @@ -104,6 +104,10 @@ hash_enable=0 group=0 #netlink_socket_buffer_size=217088 #netlink_socket_buffer_maxsize=1085440 +# set number of packet to queue inside kernel +#netlink_qthreshold=1 +# set the delay before flushing packet in the queue inside kernel (in ms) +#netlink_qtimeout=1000 # packet logging through NFLOG for group 1 [log2] -- cgit v1.2.3