On 11 November 2015 at 16:59, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Fri, Nov 06, 2015 at 04:59:22PM +0100, Arturo Borrero Gonzalez wrote:
>> On 6 November 2015 at 14:53, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>> >> +void sd_ct_watchdog_init(void)
>> >> +{
>> >> + /* ignoring systemd API erros: only care if admin expects watchdog */
>> >
>> > Not sure what you mean with this comment.
>>
>> The API call may returns:
>> * negative errno-style error code
>> * 0 if watchdog is not expected by systemd for this daemon
>> * >0 if watchdog is expected by systemd for this daemon
>>
>> My patch ignores the 2 first options, we only continue executing this
>> function if watchdog is expected by systemd (i.e, the admin configured
>> it).
>
> I think it is a good idea to report that no systemd watchdog is going
> on through log messages.
Ok.
>
>> I ignored errors because I would not like to exit conntrackd if there
>> is some issue in the systemd side, just ignore it.
>>
>> >
>> >> + if (sd_watchdog_enabled(0, &sd_watchdog_interval) < 1)
>> >
>> > So sd_watchdog_enabled is setting sd_watchdog_interval?
>> >
>> > What is the value that sd_watchdog_interval is being set?
>> >
>>
>> Yes, only if sd_watchdog_enabled returned >0.
>>
>> From the man page:
>>
>> ""
>> int sd_watchdog_enabled(int unset_environment, uint64_t *usec);
>> [...]
>> If the usec parameter is non-NULL, sd_watchdog_enabled() will write
>> the timeout in 盜 for the watchdog logic to it.
>> ""
>
> I guess this is configured from systemd, what is the default?
No defaults, an explicit timeout is required by systemd if whatdog is
configured.
Well, the default timeout time is 0 seconds, which disables the systemd feature.
So the admin has to select one (in seconds).
>
> On top of this, I wonder if we should have a configuration option from
> our configuration file, something that allows us to do "Systemd Off".
> I would suggest default in "Systemd On" if not specified, given that
> main distros decided to follow this path.
>
> After this patch, we can only enable/disable systemd integration at
> configuration/compilation stage, however I expect most users will be
> using packages from distros. I think it would be good to provide them
> a runtime way to disable this if they don't want any interference with
> their existing infrastructure.
>
> Does this sound reasonable to you? Other than that above, this patch
> looks good to me.
Yeah, I agree. Will do that ASAP.
thanks.
--
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
