On 7 September 2017 at 13:36, Arturo Borrero Gonzalez
<art...@netfilter.org> wrote:
> It is common that ulogd runs in scenarios where a lot of packets are to be
> logged.
> If there are more packets than ulogd can handle, users can start seeing log
> messages like this:
>
>  ulogd[556]: We are losing events. Please, consider using the clauses \
>  `netlink_socket_buffer_size' and `netlink_socket_buffer_maxsize'
>
> Which means that a Netlink buffer overrun has happened.
> There are several approaches to prevent this situation:
>
>  * in the ruleset, limit the amount of packets queued for log
>  * in the ruleset, instruct the kernel to use a queue-threshold
>  * from userspace, increment Netlink buffer sizes
>  * from userspace, configure ulogd to run as a high priority process
>
> The first 3 methods can be configured by users at runtime.
> This patch deals with the last method. SCHED_RR is configured by default,
> with no associated configuration parameter for users, since I believe
> this is common enough, and should produce no harm.
>
> A similar approach is used in the conntrackd daemon.
>
> Signed-off-by: Arturo Borrero Gonzalez <art...@netfilter.org>
> ---
>  src/ulogd.c |   15 +++++++++++++++
>  1 file changed, 15 insertions(+)
>

Eric did ACK this via IRC, please someone push the patch.
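
For readers following the thread, an added example (not the code from this patch, nor from ulogd or conntrackd) of how a logging daemon can request SCHED_RR at startup and keep running under its current policy when the kernel refuses. The helper name `request_rr_priority` and the clamping behaviour are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (assumption, not ulogd code): ask the kernel to run the
 * calling process under SCHED_RR at priority `prio`.
 * Returns 0 on success, -1 if the request was refused; on refusal the
 * scheduling policy is left untouched so the daemon can continue. */
static int request_rr_priority(int prio)
{
    int lo = sched_get_priority_min(SCHED_RR);
    int hi = sched_get_priority_max(SCHED_RR);
    struct sched_param sp;

    if (lo < 0 || hi < 0)
        return -1;                 /* policy not supported on this system */

    /* Clamp to the valid range so an out-of-range value cannot cause EINVAL. */
    if (prio < lo)
        prio = lo;
    if (prio > hi)
        prio = hi;

    memset(&sp, 0, sizeof(sp));
    sp.sched_priority = prio;

    /* pid 0 means "the calling process". Without CAP_SYS_NICE (or a suitable
     * RLIMIT_RTPRIO) this fails with EPERM, which is not fatal for a logger. */
    if (sched_setscheduler(0, SCHED_RR, &sp) < 0) {
        fprintf(stderr, "SCHED_RR refused (%s), keeping current policy\n",
                strerror(errno));
        return -1;
    }
    return 0;
}

int main(void)
{
    int rc = request_rr_priority(sched_get_priority_max(SCHED_RR));

    printf("scheduler policy: %s\n",
           sched_getscheduler(0) == SCHED_RR ? "SCHED_RR" : "unchanged");
    return rc == 0 ? 0 : 1;
}
```

A real-time task that never blocks can starve ordinary processes on its CPU, so a daemon doing this should spend its time waiting on the Netlink socket rather than spinning.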