conntrackd: make the daemon run in RT mode by default

In order to prevent netlink buffer overrun, conntrackd is recommended to run
at max priority.

Make conntrackd to use a RT (SHED_RR) scheduler by default at max priority.
This is common among other HA daemons. For example corosync uses SCHED_RR
by default.

The scheduler configuration option is kept in order to allow admins to perform
fine-tuning, but it is deleted from example configuration files.

Note that this default sched priority is so high that it makes the nice value
useless, so deprecate the nice configuration. Anyway the nice value can be set
externally at runtime using nice/renice.

The code is moved to the init() routine. In case of error setting the
scheduler, the system default will be used. Report a message to the user
and continue working.

Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

3 files changed, 27 insertions, 29 deletions

diff --git a/src/main.c b/src/main.c
index 0418e30..3b19160 100644
--- a/src/main.c
+++ b/src/main.c
@@ -31,7 +31,6 @@
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
-#include <sched.h>
 #include <limits.h>
 
 struct ct_general_state st;
@@ -112,15 +111,6 @@ set_action_by_table(int i, int argc, char *argv[],
 }
 
 static void
-set_nice_value(int nv)
-{
-	errno = 0;
-	if (nice(nv) == -1 && errno) /* warn only */
-		dlog(LOG_WARNING, "Cannot set nice level %d: %s",
-		     nv, strerror(errno));
-}
-
-static void
 do_chdir(const char *d)
 {
 	if (chdir(d))
@@ -374,24 +364,6 @@ int main(int argc, char *argv[])
 	close(ret);
 
 	/*
-	 * Setting process priority and scheduler
-	 */
-	set_nice_value(CONFIG(nice));
-
-	if (CONFIG(sched).type != SCHED_OTHER) {
-		struct sched_param schedparam = {
-			.sched_priority = CONFIG(sched).prio,
-		};
-
-		ret = sched_setscheduler(0, CONFIG(sched).type, &schedparam);
-		if (ret == -1) {
-			dlog(LOG_ERR, "scheduler configuration failed: %s",
-			     strerror(errno));
-			exit(EXIT_FAILURE);
-		}
-	}
-
-	/*
 	 * initialization process
 	 */
 
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 30a8bd4..32cca3c 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -967,7 +967,8 @@ netlink_events_reliable : T_NETLINK_EVENTS_RELIABLE T_OFF
 
 nice : T_NICE T_SIGNED_NUMBER
 {
-	conf.nice = $2;
+	dlog(LOG_WARNING, "deprecated nice configuration, ignoring. The "
+	     "nice value can be set externally with nice(1) and renice(1).");
 };
 
 scheduler : T_SCHEDULER '{' scheduler_options '}';
diff --git a/src/run.c b/src/run.c
index 1fe6cba..f11a532 100644
--- a/src/run.c
+++ b/src/run.c
@@ -32,6 +32,7 @@
 #include "internal.h"
 #include "systemd.h"
 
+#include <sched.h>
 #include <errno.h>
 #include <signal.h>
 #include <stdlib.h>
@@ -234,11 +235,35 @@ int evaluate(void)
 	return 0;
 }
 
+
+static void set_scheduler(void)
+{
+	struct sched_param schedparam;
+	int sched_type;
+
+	if (CONFIG(sched).type == SCHED_OTHER) {
+		/* default */
+		schedparam.sched_priority = sched_get_priority_max(SCHED_RR);
+		sched_type = SCHED_RR;
+	} else {
+		schedparam.sched_priority = CONFIG(sched).prio;
+		sched_type = CONFIG(sched).type;
+	}
+
+	if (sched_setscheduler(0, sched_type, &schedparam) < 0)
+		dlog(LOG_WARNING, "scheduler configuration failed: %s. "
+		     "Likely a bug in conntrackd, please report it. "
+		     "Continuing with system default scheduler.",
+		     strerror(errno));
+}
+
 int
 init(void)
 {
 	do_gettimeofday();
 
+	set_scheduler();
+
 	STATE(fds) = create_fds();
 	if (STATE(fds) == NULL) {
 		dlog(LOG_ERR, "can't create file descriptor pool");