From bb6bfd9c582f2eaad393803da800df5ac9aa0a9f Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 2 Jun 2008 01:38:52 +0200
Subject: improve overrun handling NFLOG

This patch improves the overrun handling. The NFLOG plugin duplicates the
netlink buffer size if the size does not goes after the upper boundary.
This patch also introduces two new clauses, the netlink_socket_buffer_size
and netlink_socket_buffer_maxsize that set the size of the netlink socket
buffer.
---
 input/packet/ulogd_inppkt_NFLOG.c | 66 +++++++++++++++++++++++++++++++++++----
 1 file changed, 60 insertions(+), 6 deletions(-)

(limited to 'input')

diff --git a/input/packet/ulogd_inppkt_NFLOG.c b/input/packet/ulogd_inppkt_NFLOG.c
index bb69bb6..9918fae 100644
--- a/input/packet/ulogd_inppkt_NFLOG.c
+++ b/input/packet/ulogd_inppkt_NFLOG.c
@@ -6,8 +6,10 @@
 #include <unistd.h>
 #include <stdlib.h>
 #include <netinet/in.h>
+#include <errno.h>
 
 #include <ulogd/ulogd.h>
+#include <libnfnetlink/libnfnetlink.h>
 #include <libnetfilter_log/libnetfilter_log.h>
 
 #ifndef NFLOG_GROUP_DEFAULT
@@ -29,12 +31,13 @@ struct nflog_input {
 	struct nflog_g_handle *nful_gh;
 	unsigned char *nfulog_buf;
 	struct ulogd_fd nful_fd;
+	int nlbufsiz;
 };
 
 /* configuration entries */
 
 static struct config_keyset libulog_kset = {
-	.num_ces = 8,
+	.num_ces = 10,
 	.ces = {
 		{
 			.key 	 = "bufsize",
@@ -84,7 +87,18 @@ static struct config_keyset libulog_kset = {
 			.options = CONFIG_OPT_NONE,
 			.u.value = 0,
 		},
-
+		{
+			.key     = "netlink_socket_buffer_size",
+			.type    = CONFIG_TYPE_INT,
+			.options = CONFIG_OPT_NONE,
+			.u.value = 0,
+		},
+		{
+			.key     = "netlink_socket_buffer_maxsize",
+			.type    = CONFIG_TYPE_INT,
+			.options = CONFIG_OPT_NONE,
+			.u.value = 0,
+		},
 	}
 };
 
@@ -96,6 +110,8 @@ static struct config_keyset libulog_kset = {
 #define seq_ce(x)	(x->ces[5])
 #define seq_global_ce(x)	(x->ces[6])
 #define label_ce(x)	(x->ces[7])
+#define nlsockbufsize_ce(x) (x->ces[8])
+#define nlsockbufmaxsize_ce(x) (x->ces[9])
 
 enum nflog_keys {
 	NFLOG_KEY_RAW_MAC = 0,
@@ -371,6 +387,23 @@ interp_packet(struct ulogd_pluginstance *upi, struct nflog_data *ldata)
 	return 0;
 }
 
+static int setnlbufsiz(struct ulogd_pluginstance *upi, int size)
+{
+	struct nflog_input *ui = (struct nflog_input *)upi->private;
+
+	if (size < nlsockbufmaxsize_ce(upi->config_kset).u.value) {
+		ui->nlbufsiz = nfnl_rcvbufsiz(nflog_nfnlh(ui->nful_h), size);
+		return 1;
+	}
+
+	ulogd_log(ULOGD_NOTICE, "Maximum buffer size (%d) in NFLOG has been "
+				"reached. Please, consider rising "
+				"`netlink_socket_buffer_size` and "
+				"`netlink_socket_buffer_maxsize` "
+				"clauses.\n", ui->nlbufsiz);
+	return 0;
+}
+
 /* callback called from ulogd core when fd is readable */
 static int nful_read_cb(int fd, unsigned int what, void *param)
 {
@@ -385,8 +418,26 @@ static int nful_read_cb(int fd, unsigned int what, void *param)
 	 * grab all the processing time just for us.  there might be other
 	 * sockets that have pending work */
 	len = recv(fd, ui->nfulog_buf, bufsiz_ce(upi->config_kset).u.value, 0);
-	if (len < 0)
+	if (len < 0) {
+		if (errno == ENOBUFS) {
+			if (nlsockbufmaxsize_ce(upi->config_kset).u.value) {
+				int s = ui->nlbufsiz * 2;
+				if (setnlbufsiz(upi, s)) {
+					ulogd_log(ULOGD_NOTICE,
+						  "We are losing events, "
+						  "increasing buffer size "
+						  "to %d\n", ui->nlbufsiz);
+				}
+			} else {
+				ulogd_log(ULOGD_NOTICE,
+					  "We are losing events. Please, "
+					  "consider using the clauses "
+					  "`netlink_socket_buffer_size' and "
+					  "`netlink_socket_buffer_maxsize\n'");
+			}
+		}
 		return len;
+	}
 
 	nflog_handle_packet(ui->nful_h, (char *)ui->nfulog_buf, len);
 
@@ -468,9 +519,12 @@ static int start(struct ulogd_pluginstance *upi)
 
 	nflog_set_mode(ui->nful_gh, NFULNL_COPY_PACKET, 0xffff);
 
-	//nflog_set_nlbufsiz(&ui->nful_gh, );
-	//nfnl_set_rcvbuf();
-	
+	if (nlsockbufsize_ce(upi->config_kset).u.value) {
+		setnlbufsiz(upi, nlsockbufsize_ce(upi->config_kset).u.value);
+		ulogd_log(ULOGD_NOTICE, "NFLOG netlink buffer size has been "
+					"set to %d\n", ui->nlbufsiz);
+	}
+
 	/* set log flags based on configuration */
 	flags = 0;
 	if (seq_ce(upi->config_kset).u.value != 0)
-- 
cgit v1.2.3