On Tue, Sep 19, 2017 at 05:59:44PM +0200, Arturo Borrero Gonzalez wrote: > On 7 September 2017 at 13:36, Arturo Borrero Gonzalez > <arturo@xxxxxxxxxxxxx> wrote: > > Is common that ulogd runs in scenarios where a lot of packets are to be logged. > > If there are more packets than ulogd can handle, users can start seing log > > messages like this: > > > > ulogd[556]: We are losing events. Please, consider using the clauses \ > > `netlink_socket_buffer_size' and `netlink_socket_buffer_maxsize' > > > > Which means that Netlink buffer overrun have happened. > > There are several approaches to prevent this situation: > > > > * in the ruleset, limit the amount of packet queued for log > > * in the ruleset, instruct the kernel to use a queue-threshold > > * from userspace, increment Netlink buffer sizes > > * from userspace, configure ulogd to run as high priority process > > > > The first 3 method can be configured by users at runtime. > > This patch deals with the last method. SCHED_RR is configured by default, > > with no associated configuration parameter for users, since I believe > > this is common enough, and should produce no harm. > > > > A similar approach is used in the conntrackd daemon. > > > > Signed-off-by: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx> > > --- > > src/ulogd.c | 15 +++++++++++++++ > > 1 file changed, 15 insertions(+) > > > > Eric did ACK this via IRC, please someone push the patch. Just pushed it out, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
