diff options
| author | Eric Leblond <eric@regit.org> | 2013-01-13 21:40:59 +0100 |
|---|---|---|
| committer | Eric Leblond <eric@regit.org> | 2013-01-25 23:22:54 +0100 |
| commit | de7640dd0828bacf4591f042358522a835c88bc2 (patch) | |
| tree | d73b425f357682ac5240b77a0d9d3fc3e497f51e | |
| parent | 49dc2251d8d7098b09a4b5a36dafdbd93568f2fc (diff) | |
doxygen: improve fail-open documentation.
| -rw-r--r-- | src/libnetfilter_queue.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c index 9fe9dfa..33f62bf 100644 --- a/src/libnetfilter_queue.c +++ b/src/libnetfilter_queue.c @@ -87,6 +87,8 @@ * (requires Linux kernel >= 2.6.30). * - see --queue-balance option in NFQUEUE target for multi-threaded apps * (it requires Linux kernel >= 2.6.31). + * - consider using fail-open option see nfq_set_queue_flags() (it requires + * Linux kernel >= 3.6) */ struct nfq_handle @@ -620,6 +622,12 @@ int nfq_set_mode(struct nfq_q_handle *qh, flags &= ~NFQA_CFG_F_FAIL_OPEN; err = nfq_set_queue_flags(qh, mask, flags); \endverbatim + * + * If NFQA_CFG_F_FAIL_OPEN is used, the kernel will accept instead of + * drop packets that should have been enqueued to a full queue. This + * results in the system being able to handle high network load but at + * the depend of the control of the packets. + * * \return -1 on error with errno set appropriately; =0 otherwise. */ int nfq_set_queue_flags(struct nfq_q_handle *qh, |