From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Helmut Grohne <h.grohne@cygnusnetworks.de>
Cc: netfilter@vger.kernel.org
Subject: Re: What does nflog_unbind_pf actually do?
Date: Thu, 03 Feb 2011 14:27:28 +0100 [thread overview]
Message-ID: <4D4AAD40.1060204@netfilter.org> (raw)
In-Reply-To: <20110203120052.GA4217@buero.cygnusnet.de>
On 03/02/11 13:00, Helmut Grohne wrote:
> Thanks to Florian Westphal (fw on Freenode) for helping me sort this
> out.
>
> On Tue, Jan 25, 2011 at 01:54:27PM +0100, Helmut Grohne wrote:
>> I was wondering what nflog_unbind_pf actually does. The doxygen comment
>> suggests it to be a harmless setup function acting on a given handle:
>>
>> libnetfilter-log src/libnetfilter_log.c:
>> | /**
>> | * nflog_unbind_pf - unbind nflog handler from a protocol family
>> | * \param h Netfilter log handle obtained via call to nflog_open()
>> | * \param pf protocol family to unbind family from
>> | *
>> | * Unbinds the given nflog handle from processing packets belonging
>> | * to the given protocol family.
>> | */
>
> This comment is indeed very misleading.
Let's fix it then :-)
> Actually the passed handle plays
> no role in the modification apart from providing access. The NFLOG
> iptables target has different ways to log packets. Currently the only
> logger is netlink. The state can be observed by examining
> /proc/net/netfilter/nf_log. This file maps protocol numbers to loggers.
> So nflog_{,un}bind_pf really modifies a global and persistent kernel
> data structure. The default logger is "NONE" or "NULL" which means no
> logging, so it has to be set up once. Trying to do so in parallel will
> result in race conditions.
Please, would you send me a patch so others can benefit for this
conclusion in the official documentation? I'd appreciate it.
> Furthermore I'd like to remark that if you handle lots of packets the in
> kernel buffer might be too small. This can result in packets being
> dropped which is signaled by ENOBUFS being returned from recv. The
> socket can be used normally after this error. To avoid this situation
> the receive buffer size can be increased using setsockopt
> SO_RCVBUFFORCE.
There is other things that you can do to avoid ENOBUFS, it is documented
in libnetfilter_queue but it also applies to libnetfilter_log:
http://www.netfilter.org/projects/libnetfilter_queue/doxygen/
See performance, the last two items do not apply to libnetfilter_log.
Another patch for this would be great.
next prev parent reply other threads:[~2011-02-03 13:27 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-25 12:54 What does nflog_unbind_pf actually do? Helmut Grohne
2011-02-03 12:00 ` Helmut Grohne
2011-02-03 13:27 ` Pablo Neira Ayuso [this message]
2011-02-03 17:24 ` Helmut Grohne
2011-02-04 9:56 ` Pablo Neira Ayuso
2011-02-10 8:52 ` Helmut Grohne
2011-02-11 14:29 ` Pablo Neira Ayuso
2011-02-14 14:31 ` ENOBUFS missing in man recv(2) [Initially: What does nflog_unbind_pf actually do?] Helmut Grohne
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D4AAD40.1060204@netfilter.org \
--to=pablo@netfilter.org \
--cc=h.grohne@cygnusnetworks.de \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.