Alexander Kolesnik wrote:
> Hello,
>
> We're accounting traffic for users by ULOG-ipcad chain. Some time ago
> I've found that some of users traffic does not appear in ipcad. To
> check that this is not ipcad's problem I've installed ulogd and found
> following in its log:
> Fri Feb 27 15:25:56 2009 <3> ulogd.c:487 ulogd Version 1.22 starting
> Fri Feb 27 15:25:56 2009 <5> ulogd.c:766 initialization finished, entering main loop
> Fri Feb 27 15:27:00 2009 <7> ulogd.c:777 ipulog_read == -1! ipulog_errno == 6, errno = 105
> Fri Feb 27 15:27:02 2009 <7> ulogd.c:777 ipulog_read == -1! ipulog_errno == 6, errno = 105
That means that netlink cannot back off as it is hitting ENOBUFS, thus,
you are losing log messages. Hm, ulog <= 1.24 does a primitive netlink
error handling.
> I have following settings for ulog and other stuff:
> /etc/modprobe.conf:
> options nf_conntrack hashsize=2097152
> options ipt_ULOG nlbufsiz=65535 flushtimeout=100
>
> # sysctl -a|grep rmem
> net.ipv4.tcp_rmem = 4096 87380 174760
> net.core.rmem_default = 221184
> net.core.rmem_max = 4194304
>
> /etc/ulogd.conf:
> rmem=442368
^^^^^^
Rising this value will delay hitting ENOBUFS. This is the size of the
receiver buffer.
--
"Los honestos son inadaptados sociales" -- Les Luthiers
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
