From 0521db731c0daa417a3dfb67fba7c6f80596e553 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Tue, 21 Jul 2009 14:36:18 +0200
Subject: conntrackd: add clause to enable ctnetlink reliable event delivery
This patch adds the NetlinkEventsReliable clause, this is useful to turn on reliable Netlink event delivery. This features requires a Linux kernel >= 2.6.31.
Signed-off-by: Pablo Neira Ayuso
---
 doc/stats/conntrackd.conf | 7 +++++++
 doc/sync/alarm/conntrackd.conf | 7 +++++++
 doc/sync/ftfw/conntrackd.conf | 8 ++++++++
 doc/sync/notrack/conntrackd.conf | 7 +++++++
 include/conntrackd.h | 3 +++
 src/netlink.c | 12 ++++++++++++
 src/read_config_lex.l | 1 +
 src/read_config_yy.y | 13 ++++++++++++-
 8 files changed, 57 insertions(+), 1 deletion(-)
diff --git a/doc/stats/conntrackd.conf b/doc/stats/conntrackd.conf
index 8945293..ef6a698 100644
--- a/doc/stats/conntrackd.conf
+++ b/doc/stats/conntrackd.conf
@@ -110,6 +110,13 @@ Stats {
 # LogFile on
+ # If you want reliable event reporting over Netlink, set on this
+ # option. If you set on this clause, it is a good idea to set off
+ # NetlinkOverrunResync. This option is off by default and you need
+ # a Linux kernel >= 2.6.31.
+ #
+ # NetlinkEventsReliable Off
+ # # By default, the daemon receives state updates following an
 # event-driven model. You can modify this behaviour by switching to
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index a108569..805a531 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -278,6 +278,13 @@ General {
 #
 # NetlinkOverrunResync On
+ # If you want reliable event reporting over Netlink, set on this
+ # option. If you set on this clause, it is a good idea to set off
+ # NetlinkOverrunResync. This option is off by default and you need
+ # a Linux kernel >= 2.6.31.
+ #
+ # NetlinkEventsReliable Off
+ # # By default, the daemon receives state updates following an
 # event-driven model. You can modify this behaviour by switching to
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index c1208f9..ceca224 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -287,6 +287,14 @@ General {
 #
 # NetlinkOverrunResync On
+ #
+ # If you want reliable event reporting over Netlink, set on this
+ # option. If you set on this clause, it is a good idea to set off
+ # NetlinkOverrunResync. This option is off by default and you need
+ # a Linux kernel >= 2.6.31.
+ #
+ # NetlinkEventsReliable Off
+ # # By default, the daemon receives state updates following an
 # event-driven model. You can modify this behaviour by switching to
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index b528fab..1efeb81 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -268,6 +268,13 @@ General {
 #
 # NetlinkOverrunResync On
+ # If you want reliable event reporting over Netlink, set on this
+ # option. If you set on this clause, it is a good idea to set off
+ # NetlinkOverrunResync. This option is off by default and you need
+ # a Linux kernel >= 2.6.31.
+ #
+ # NetlinkEventsReliable Off
+ # # By default, the daemon receives state updates following an
 # event-driven model. You can modify this behaviour by switching to
diff --git a/include/conntrackd.h b/include/conntrackd.h
index 12fd17f..907ce33 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -95,6 +95,9 @@ struct ct_conf {
 int poll_kernel_secs;
 int filter_from_kernelspace;
 int event_iterations_limit;
+ struct {
+ int events_reliable;
+ } netlink;
 struct {
 int commit_steps;
 } general;
diff --git a/src/netlink.c b/src/netlink.c
index 5c07201..a43f782 100644
--- a/src/netlink.c
+++ b/src/netlink.c
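Review bot: The new `netlink.events_reliable` member of struct ct_conf is undocumented, so nothing in the header says that it is filled from the NetlinkEventsReliable clause or what it changes on the event socket. A one-line comment on the member, e.g. `/* NetlinkEventsReliable: request error reporting for lost ctnetlink events (Linux >= 2.6.31) */`, would tie the header, the parser and src/netlink.c together for the next reader. struct ct_conf begins and ends outside the hunk.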
@@ -75,6 +75,18 @@ struct nfct_handle *nl_init_event_handler(void)
 CONFIG(netlink_buffer_size_max_grown) = CONFIG(netlink_buffer_size);
+ if (CONFIG(netlink).events_reliable) {
+ int on = 1;
+
+ setsockopt(nfct_fd(h), SOL_NETLINK,
+ NETLINK_BROADCAST_SEND_ERROR, &on, sizeof(int));
+
+ setsockopt(nfct_fd(h), SOL_NETLINK,
+ NETLINK_NO_ENOBUFS, &on, sizeof(int));
+
+ dlog(LOG_NOTICE, "reliable ctnetlink event delivery "
+ "is ENABLED.");
+ }
 return h;
 }
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
index cd03ad4..dad7555 100644
--- a/src/read_config_lex.l
+++ b/src/read_config_lex.l
@@ -134,6 +134,7 @@ notrack [N|n][O|o][T|t][R|r][A|a][C|c][K|k]
 "Scheduler" { return T_SCHEDULER; }
 "Type" { return T_TYPE; }
 "Priority" { return T_PRIO; }
+"NetlinkEventsReliable" { return T_NETLINK_EVENTS_RELIABLE; }
 {is_on} { return T_ON; }
 {is_off} { return T_OFF; }
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 0e9b99b..87f99b6 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -71,7 +71,7 @@ static void __max_dedicated_links_reached(void);
 %token T_FILTER T_ADDRESS T_PROTOCOL T_STATE T_ACCEPT T_IGNORE
 %token T_FROM T_USERSPACE T_KERNELSPACE T_EVENT_ITER_LIMIT T_DEFAULT
 %token T_NETLINK_OVERRUN_RESYNC T_NICE T_IPV4_DEST_ADDR T_IPV6_DEST_ADDR
-%token T_SCHEDULER T_TYPE T_PRIO
+%token T_SCHEDULER T_TYPE T_PRIO T_NETLINK_EVENTS_RELIABLE
 %token T_IP T_PATH_VAL
 %token T_NUMBER
@@ -873,6 +873,7 @@ general_line: hashsize
 | poll_secs
 | filter
 | netlink_overrun_resync
+ | netlink_events_reliable
 | nice
 | scheduler
 ;
@@ -902,6 +903,16 @@ netlink_overrun_resync : T_NETLINK_OVERRUN_RESYNC T_NUMBER
 conf.nl_overrun_resync = $2;
 };
+netlink_events_reliable : T_NETLINK_EVENTS_RELIABLE T_ON
+{
+ conf.netlink.events_reliable = 1;
+};
+
+netlink_events_reliable : T_NETLINK_EVENTS_RELIABLE T_OFF
+{
+ conf.netlink.events_reliable = 0;
+};
+
 nice : T_NICE T_SIGNED_NUMBER
 {
 conf.nice = $2;
--
cgit v1.2.3
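Review bot: Both setsockopt() calls in the new block discard their return value, so on a kernel that does not know NETLINK_BROADCAST_SEND_ERROR or NETLINK_NO_ENOBUFS (the commit message says 2.6.31 is required, and an unknown SOL_NETLINK option is expected to fail with ENOPROTOOPT) the daemon still logs that reliable delivery "is ENABLED" while the socket behaves exactly as before. For a state-synchronisation daemon that is the worst outcome: the operator believes lost events are now reported, and if NetlinkOverrunResync was switched off as the new configuration comments advise, presumably nothing resynchronises after an overrun either. Checking each call and logging the failure (adding errno is worthwhile if dlog accepts printf-style arguments) keeps the log honest, and `sizeof(on)` instead of `sizeof(int)` ties the length to the variable. The enclosing nl_init_event_handler() starts outside the hunk.
```c
	if (CONFIG(netlink).events_reliable) {
		int on = 1;

		if (setsockopt(nfct_fd(h), SOL_NETLINK,
			       NETLINK_BROADCAST_SEND_ERROR, &on, sizeof(on)) < 0 ||
		    setsockopt(nfct_fd(h), SOL_NETLINK,
			       NETLINK_NO_ENOBUFS, &on, sizeof(on)) < 0) {
			/* option unsupported (kernel too old?): delivery stays best-effort */
			dlog(LOG_WARNING, "cannot enable reliable ctnetlink event "
					  "delivery, events may still be lost.");
		} else {
			dlog(LOG_NOTICE, "reliable ctnetlink event delivery "
					 "is ENABLED.");
		}
	}
	/* … unchanged: return h … */
```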
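Review bot: Nothing in the parser notices the combination that the commit's own configuration comments advise against, NetlinkEventsReliable On together with NetlinkOverrunResync, so a file that asks for both is accepted silently and the operator only learns of the conflict from behaviour. Since `conf.nl_overrun_resync` is set in the rule just above the new ones, a warning when both end up non-zero (at the point where the General section is complete, if such a hook exists) would surface the misconfiguration at start-up. A smaller point of style: the two separate `netlink_events_reliable` rules could be a single rule with `| T_NETLINK_EVENTS_RELIABLE T_OFF` as its second alternative, which is how one option with two spellings is usually written in this kind of grammar. The `nice` rule continues outside the hunk.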