All of lore.kernel.org
 help / color / mirror / Atom feed
From: Helmut Grohne <h.grohne@cygnusnetworks.de>
To: netfilter@vger.kernel.org
Subject: Re: What does nflog_unbind_pf actually do?
Date: Thu, 3 Feb 2011 13:00:52 +0100	[thread overview]
Message-ID: <20110203120052.GA4217@buero.cygnusnet.de> (raw)
In-Reply-To: <20110125125426.GA7749@buero.cygnusnet.de>

Thanks to Florian Westphal (fw on Freenode) for helping me sort this
out.

On Tue, Jan 25, 2011 at 01:54:27PM +0100, Helmut Grohne wrote:
> I was wondering what nflog_unbind_pf actually does. The doxygen comment
> suggests it to be a harmless setup function acting on a given handle:
> 
> libnetfilter-log src/libnetfilter_log.c:
> | /**
> |  * nflog_unbind_pf - unbind nflog handler from a protocol family
> |  * \param h Netfilter log handle obtained via call to nflog_open()
> |  * \param pf protocol family to unbind family from
> |  *
> |  * Unbinds the given nflog handle from processing packets belonging
> |  * to the given protocol family.
> |  */

This comment is indeed very misleading. Actually the passed handle plays
no role in the modification apart from providing access. The NFLOG
iptables target has different ways to log packets. Currently the only
logger is netlink. The state can be observed by examining
/proc/net/netfilter/nf_log. This file maps protocol numbers to loggers.
So nflog_{,un}bind_pf really modifies a global and persistent kernel
data structure. The default logger is "NONE" or "NULL" which means no
logging, so it has to be set up once. Trying to do so in parallel will
result in race conditions.

Furthermore I'd like to remark that if you handle lots of packets the in
kernel buffer might be too small. This can result in packets being
dropped which is signaled by ENOBUFS being returned from recv. The
socket can be used normally after this error. To avoid this situation
the receive buffer size can be increased using setsockopt
SO_RCVBUFFORCE.

Helmut

  reply	other threads:[~2011-02-03 12:00 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-01-25 12:54 What does nflog_unbind_pf actually do? Helmut Grohne
2011-02-03 12:00 ` Helmut Grohne [this message]
2011-02-03 13:27   ` Pablo Neira Ayuso
2011-02-03 17:24     ` Helmut Grohne
2011-02-04  9:56       ` Pablo Neira Ayuso
2011-02-10  8:52         ` Helmut Grohne
2011-02-11 14:29           ` Pablo Neira Ayuso
2011-02-14 14:31             ` ENOBUFS missing in man recv(2) [Initially: What does nflog_unbind_pf actually do?] Helmut Grohne

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110203120052.GA4217@buero.cygnusnet.de \
    --to=h.grohne@cygnusnetworks.de \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.