Medialy wrote:
Hi,
I have written a program to log the nat behavior. the program works
well when traffic is low. But when the traffic reaches 1Gb, program
always error.
According to the previous discussions about this problem, I even set
the recv buffer size to 50MB and the error still exists.
Increasing the buffer size would not solve the problem, that will only
delay the ENOBUFS error. There are several reasons why you may hit ENOBUFS:
a) your program is too slow to handle the Netlink messages that you
receive from the kernel at a given rate. This is easier to trigger if
the handling that you perform on every message takes too long.
b) the queue size is too small, but this does not seem to be your case.
ENOBUFS basically means that the kernel has to drop Netlink messages
because your user-space program cannot back-off.
For every callback, format the data and then put it into the queue
directly. The formating of data causes less then 1 second for 0.65
million records.
Errors always occurs when there are less than 10 log records.
I don't understand what you mean here above.
BTW, if you use a recent Linux kernel (>=2.6.30) you can set these two
socket options not to get ENOBUFS error and to try to improve ctnetlink
reliability.
int on = 1;
setsockopt(nfct_fd(h), SOL_NETLINK,
NETLINK_BROADCAST_SEND_ERROR, &on, sizeof(int));
setsockopt(nfct_fd(h), SOL_NETLINK,
NETLINK_NO_ENOBUFS, &on, sizeof(int));
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
