All of lore.kernel.org
 help / color / mirror / Atom feed
* Default netfilter kernel buffer size?
@ 2014-06-12 21:29 Cade Robinson
  2014-06-16  9:35 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 5+ messages in thread
From: Cade Robinson @ 2014-06-12 21:29 UTC (permalink / raw)
  To: netfilter

I have been searching around and can't find it so maybe someone can tell me.

I am looking for the default size of the kernel queue netfilter uses and if
there is a /proc file to see what the current setting is?

 

The story is I have a program that marks packets coming into netfilter.

On slower devices while a blacklist loads I have run into ENOBUFS error from
recv.

I am thinking that if I use nfq_set_queue_maxlen to set this to a higher
number I won't get the ENOBUFS error but I can't find the default to know
what may be a larger number.

Also I can't find any /proc file to show me the current number.  Does one
exist and is it the same for 2.6.20+ kernels?

 

This is on a 3.14.6 kernel with netfiler 1.0.2 and nfnetlink 1.0.1


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: Default netfilter kernel buffer size?
  2014-06-12 21:29 Default netfilter kernel buffer size? Cade Robinson
@ 2014-06-16  9:35 ` Pablo Neira Ayuso
  2014-06-16 13:28   ` Cade Robinson
  0 siblings, 1 reply; 5+ messages in thread
From: Pablo Neira Ayuso @ 2014-06-16  9:35 UTC (permalink / raw)
  To: Cade Robinson; +Cc: netfilter

Hi,

I guess you're refering to libnetfilter_queue.

On Thu, Jun 12, 2014 at 04:29:36PM -0500, Cade Robinson wrote:
> I have been searching around and can't find it so maybe someone can tell me.
> 
> I am looking for the default size of the kernel queue netfilter uses and if
> there is a /proc file to see what the current setting is?
>  
> 
> The story is I have a program that marks packets coming into netfilter.
> 
> On slower devices while a blacklist loads I have run into ENOBUFS error from
> recv.
> 
> I am thinking that if I use nfq_set_queue_maxlen to set this to a higher
> number I won't get the ENOBUFS error but I can't find the default to know
> what may be a larger number.

Please, have a look at the documentation:

http://www.netfilter.org/projects/libnetfilter_queue/doxygen/

It refers to this problem.

^ permalink raw reply	[flat|nested] 5+ messages in thread
* RE: Default netfilter kernel buffer size?
  2014-06-16  9:35 ` Pablo Neira Ayuso
@ 2014-06-16 13:28   ` Cade Robinson
  2014-06-25  7:12     ` SplitIce
  0 siblings, 1 reply; 5+ messages in thread
From: Cade Robinson @ 2014-06-16 13:28 UTC (permalink / raw)
  To: 'Pablo Neira Ayuso'; +Cc: netfilter

> Please, have a look at the documentation:

> http://www.netfilter.org/projects/libnetfilter_queue/doxygen/

> It refers to this problem.

Thanks - that gives me more ideas of what to do if my current fix doesn't
work.
What I have done is added code to set queue length using
nfq_set_queue_maxlen.
This seems to have worked as well so far.

But what I am looking for and can't find is what is the default queue length
and is there a /proc file that shows the current length?


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: Default netfilter kernel buffer size?
  2014-06-16 13:28   ` Cade Robinson
@ 2014-06-25  7:12     ` SplitIce
  2014-06-25 14:12       ` Cade Robinson
  0 siblings, 1 reply; 5+ messages in thread
From: SplitIce @ 2014-06-25  7:12 UTC (permalink / raw)
  To: netfilter

I too have a question in regards to this,

Ive been facing the same problem with some code of my own. I am using
a nf netlink socket via libpcap (nflog:{ID}) and experiencing ENOBUFS
during peaks.

I attempted to use
setsockopt(pcap_fileno(p), SOL_NETLINK, NETLINK_NO_ENOBUFS, &(int){1},
sizeof(int));

before

pcap_activate(p);

without success. Suggestions? Cade, did you resolve the problem?

On Mon, Jun 16, 2014 at 11:28 PM, Cade Robinson <cade.robinson@gmail.com> wrote:
>> Please, have a look at the documentation:
>
>> http://www.netfilter.org/projects/libnetfilter_queue/doxygen/
>
>> It refers to this problem.
>
> Thanks - that gives me more ideas of what to do if my current fix doesn't
> work.
> What I have done is added code to set queue length using
> nfq_set_queue_maxlen.
> This seems to have worked as well so far.
>
> But what I am looking for and can't find is what is the default queue length
> and is there a /proc file that shows the current length?
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 5+ messages in thread
* RE: Default netfilter kernel buffer size?
  2014-06-25  7:12     ` SplitIce
@ 2014-06-25 14:12       ` Cade Robinson
  0 siblings, 0 replies; 5+ messages in thread
From: Cade Robinson @ 2014-06-25 14:12 UTC (permalink / raw)
  To: 'SplitIce', 'netfilter'




>Cade, did you resolve the problem?

>> But what I am looking for and can't find is what is the default queue length
>> and is there a /proc file that shows the current length?

I haven't found the default queue length so I keep trying different numbers.  
Would be nice to know the default so I can tell where I am in tuning the queue.
Also haven't found a /proc - guessing there isn't one.

I was going to look at no ENOBUF errors to see what that did.
Also was going to look at a possible automatic rebind/recreate of the queue.



^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-06-25 14:12 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-06-12 21:29 Default netfilter kernel buffer size? Cade Robinson
2014-06-16  9:35 ` Pablo Neira Ayuso
2014-06-16 13:28   ` Cade Robinson
2014-06-25  7:12     ` SplitIce
2014-06-25 14:12       ` Cade Robinson

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.