Pablo Neira Ayuso wrote:
Павел Коколемин wrote: When LAN users start network scanners (NetLook, for example), sometimes I receive error in console: "nfnl_listen: recvmsg overrun: No buffer space available" generated in nfct_event_conntrack() (recvmsg() returns ENOBUFS error code). This message generated in nfnl_listen(). Increase netlink buffer size via nfnl_rcvsiz() (libnfnetlink), the default size is available in /proc/sys/net/core/rmem_max. BTW, this message means that you have probably lost some log messages because the rate was so high that the buffer could not back off.
Sorry, I didn't notice that there is no way to access nfnl_handle from libnetfilter_conntrack, instead use setsockopt(nfct_fd(h), SOL_SOCKET, SO_RCVBUFFORCE, &size, socklen) to set the buffer size. Anyway I'll cook a patch for this asap, this issue is important.
-- 
The dawn of the fourth age of Linux firewalling is coming; a time of great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris