On 7 September 2017 at 13:36, Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx> wrote: > Is common that ulogd runs in scenarios where a lot of packets are to be logged. > If there are more packets than ulogd can handle, users can start seing log > messages like this: > > ulogd[556]: We are losing events. Please, consider using the clauses \ > `netlink_socket_buffer_size' and `netlink_socket_buffer_maxsize' > > Which means that Netlink buffer overrun have happened. > There are several approaches to prevent this situation: > > * in the ruleset, limit the amount of packet queued for log > * in the ruleset, instruct the kernel to use a queue-threshold > * from userspace, increment Netlink buffer sizes > * from userspace, configure ulogd to run as high priority process > > The first 3 method can be configured by users at runtime. > This patch deals with the last method. SCHED_RR is configured by default, > with no associated configuration parameter for users, since I believe > this is common enough, and should produce no harm. > > A similar approach is used in the conntrackd daemon. > > Signed-off-by: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx> > --- > src/ulogd.c | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > Eric did ACK this via IRC, please someone push the patch. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
