From de30adc389621c49e7b77bfdf550d0b1c0804448 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 22 Jul 2009 19:36:26 +0200
Subject: NFCT: improve netlink overrun handling

With this patch, we schedule one resynchronization against the
kernel conntrack table that will occur in two seconds (still
we need a patch to make this configurable). Before this, we
scheduled a resynchronization for every overrun, that is very
bad in a scenario in which overruns occurs very frequently.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 input/flow/ulogd_inpflow_NFCT.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

(limited to 'input')

diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index b16687e..deaf887 100644
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -669,8 +669,6 @@ static int read_cb_nfct(int fd, unsigned int what, void *param)
 
 	if (nfct_catch(cpi->cth) == -1) {
 		if (errno == ENOBUFS) {
-			int family = AF_UNSPEC;
-
 			if (nlsockbufmaxsize_ce(upi->config_kset).u.value) {
 				int s = cpi->nlbufsiz * 2;
 				if (setnlbufsiz(upi, s)) {
@@ -689,9 +687,14 @@ static int read_cb_nfct(int fd, unsigned int what, void *param)
 
 			/* internal hash can deal with refresh */
 			if (usehash_ce(upi->config_kset).u.value != 0) {
-				nfct_send(cpi->ovh, NFCT_Q_DUMP, &family);
-				/* TODO: configurable retry timer */
-				ulogd_add_timer(&cpi->ov_timer, 2);
+				/* TODO: schedule a resynchronization in
+				 * two seconds, this parameter should be
+				 * configurable via config. Note that we
+				 * don't re-schedule a resync if it's
+				 * already in progress. */
+				if (!ulogd_timer_pending(&cpi->ov_timer)) {
+					ulogd_add_timer(&cpi->ov_timer, 2);
+				}
 			}
 		}
 	}
@@ -764,11 +767,10 @@ static int read_cb_ovh(int fd, unsigned int what, void *param)
 	if (nfct_catch(cpi->ovh) == -1) {
 		/* enobufs in the overrun buffer? very rare */
 		if (errno == ENOBUFS) {
-			int family = AF_UNSPEC;
-
-			nfct_send(cpi->ovh, NFCT_Q_DUMP, &family);
-			/* TODO: configurable retry timer */
-			ulogd_add_timer(&cpi->ov_timer, 2);
+			/* TODO: configurable resync timer */
+			if (!ulogd_timer_pending(&cpi->ov_timer)) {
+				ulogd_add_timer(&cpi->ov_timer, 2);
+			}
 		}
 	}
 
@@ -824,8 +826,6 @@ static void overrun_timeout(struct ulogd_timer *a, void *data)
 			(struct nfct_pluginstance *)upi->private;
 
 	nfct_send(cpi->ovh, NFCT_Q_DUMP, &family);
-	/* TODO: configurable retry timer */
-	ulogd_add_timer(&cpi->ov_timer, 2);
 }
 
 static int constructor_nfct(struct ulogd_pluginstance *upi)
-- 
cgit v1.2.3