NFCT: add configurable option to set the value of the resynchronization timer

This patch adds `netlink_resync_timeout' that allows you to set
the number of seconds that we wait to perform a resynchronization
due to a netlink overrun. This patch changes the default timeout
from 2 to 60 seconds (less agressive).

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index deaf887cd6e9489e8b206c1e882157a9bbac66f4..f7e84ac5d77d0625d0799cac12e2392f4eb5e091 100644 (file)
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -114,6 +114,12 @@ static struct config_keyset nfct_kset = {
                        .options = CONFIG_OPT_NONE,
                        .u.value = 0,
                },
+               {
+                       .key     = "netlink_resync_timeout",
+                       .type    = CONFIG_TYPE_INT,
+                       .options = CONFIG_OPT_NONE,
+                       .u.value = 60,
+               },
        },
 };
 #define pollint_ce(x)  (x->ces[0])
@@ -123,6 +129,7 @@ static struct config_keyset nfct_kset = {
 #define eventmask_ce(x) (x->ces[4])
 #define nlsockbufsize_ce(x) (x->ces[5])
 #define nlsockbufmaxsize_ce(x) (x->ces[6])
+#define nlresynctimeout_ce(x) (x->ces[7])
 
 enum nfct_keys {
        NFCT_ORIG_IP_SADDR = 0,
@@ -687,13 +694,13 @@ static int read_cb_nfct(int fd, unsigned int what, void *param)
 
                        /* internal hash can deal with refresh */
                        if (usehash_ce(upi->config_kset).u.value != 0) {
-                               /* TODO: schedule a resynchronization in
-                                * two seconds, this parameter should be
-                                * configurable via config. Note that we
-                                * don't re-schedule a resync if it's
-                                * already in progress. */
+                               /* schedule a resynchronization in N
+                                * seconds, this parameter is configurable
+                                * via config. Note that we don't re-schedule
+                                * a resync if it's already in progress. */
                                if (!ulogd_timer_pending(&cpi->ov_timer)) {
-                                       ulogd_add_timer(&cpi->ov_timer, 2);
+                                       ulogd_add_timer(&cpi->ov_timer,
+                                                       nlresynctimeout_ce(upi->config_kset).u.value);
                                }
                        }
                }
@@ -767,9 +774,9 @@ static int read_cb_ovh(int fd, unsigned int what, void *param)
        if (nfct_catch(cpi->ovh) == -1) {
                /* enobufs in the overrun buffer? very rare */
                if (errno == ENOBUFS) {
-                       /* TODO: configurable resync timer */
                        if (!ulogd_timer_pending(&cpi->ov_timer)) {
-                               ulogd_add_timer(&cpi->ov_timer, 2);
+                               ulogd_add_timer(&cpi->ov_timer,
+                                               nlresynctimeout_ce(upi->config_kset).u.value);
                        }
                }
        }

diff --git a/ulogd.conf.in b/ulogd.conf.in
index 2be1c58dbd5290702106ef8cc8f47f25419e78a7..4542fc4ea531f49b539e8a789ec5ef2283f30fe6 100644 (file)
--- a/ulogd.conf.in
+++ b/ulogd.conf.in
@@ -91,6 +91,7 @@ plugin="@libdir@/ulogd/ulogd_raw2packet_BASE.so"
 [ct1]
 #netlink_socket_buffer_size=217088
 #netlink_socket_buffer_maxsize=1085440
+#netlink_resync_timeout=60 # seconds to wait to perform resynchronization
 
 [ct2]
 #netlink_socket_buffer_size=217088