[pve-devel] [PATCH firewall] make nfct_catch non-blocking
Alexandre DERUMIER
aderumier at odiso.com
Thu Jan 10 16:32:50 CET 2019
Just tested, no difference. (but I don't see ENOBUFS since I have increased net.ipv4.tcp_rmem)
But I have reproduced my new hang,
and it seems that the pvefw-logger process was not running anymore. (seems to be a crash, I don't see any out of memory).
----- Original Message -----
From: "Thomas Lamprecht" <t.lamprecht at proxmox.com>
To: "pve-devel" <pve-devel at pve.proxmox.com>, "David Limbeck" <d.limbeck at proxmox.com>, "Wolfgang Bumiller" <w.bumiller at proxmox.com>
Sent: Thursday 10 January 2019 14:53:11
Subject: Re: [pve-devel] [PATCH firewall] make nfct_catch non-blocking
On 1/10/19 1:51 PM, David Limbeck wrote:
>
> On 1/10/19 1:49 PM, Wolfgang Bumiller wrote:
>> On Thu, Jan 10, 2019 at 12:08:28PM +0100, David Limbeck wrote:
>>> nfct_catch blocks if the callback always returns NFCT_CB_CONTINUE. this
>>> works around the problem by setting the underlying file descriptor to
>>> O_NONBLOCK. this should allow the callback to run multiple times and
>>> catch as many events as possible before nfct_catch returns.
>>>
>>> Signed-off-by: David Limbeck <d.limbeck at proxmox.com>
>>> ---
>>> maybe this improves the ENOBUFS situation? it should result in equal or
>>> more messages though as the callback is run multiple times before
>>> nfct_catch returns.
>> I wouldn't expect a change in the ENOBUFS situation but rather just more
>> output happening which may have previously been lost from already-read
>> packet parts.
>>
>> @Alexandre, could you give this a try?
> For ENOBUFS we could try setting NETLINK_NO_ENOBUFS with setsockopt as mentioned by @Thomas.
together with NETLINK_BROADCAST_SEND_ERROR[0], ulogd uses this[1] too.
[0]: https://patchwork.ozlabs.org/patch/24919/ (second b) bullet point)
[1]: https://git.netfilter.org/ulogd2/tree/input/flow/ulogd_inpflow_NFCT.c#n1322
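
The approach discussed in this thread, as an added example that is not part of the original messages or of the pve-firewall code: an event socket set to O_NONBLOCK and drained until EAGAIN, with ENOBUFS counted as lost events instead of treated as fatal. It uses plain socket calls rather than libnetfilter_conntrack, the function and struct names are hypothetical, and the broadcast option is spelled NETLINK_BROADCAST_ERROR as in <linux/netlink.h>.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <linux/netlink.h>

struct drain_stats { int messages; int overruns; };  /* overruns = ENOBUFS hits */

/* Set O_NONBLOCK on the event socket. With libnetfilter_conntrack the fd
 * would come from nfct_fd(handle). Returns 0 on success, -1 on error. */
int set_nonblocking(int fd)
{
    int flags = fcntl(fd, F_GETFL, 0);
    return flags < 0 ? -1 : fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

/* Set the two netlink socket options named in the thread. Only meaningful
 * on an AF_NETLINK socket. Returns 0 on success, -1 on error. */
int netlink_relax_enobufs(int fd)
{
    int on = 1;
    if (setsockopt(fd, SOL_NETLINK, NETLINK_BROADCAST_ERROR, &on, sizeof(on)) < 0)
        return -1;
    return setsockopt(fd, SOL_NETLINK, NETLINK_NO_ENOBUFS, &on, sizeof(on));
}

/* Read every queued message without blocking. EAGAIN means the queue is
 * empty; ENOBUFS means the kernel dropped events, which a logger should
 * count and survive rather than treat as fatal. */
int drain_events(int fd, struct drain_stats *st)
{
    char buf[8192];
    for (;;) {
        ssize_t n = recv(fd, buf, sizeof(buf), 0);
        if (n > 0)
            st->messages++;          /* a real logger would parse buf here */
        else if (n == 0 || errno == EAGAIN || errno == EWOULDBLOCK)
            return 0;
        else if (errno == ENOBUFS)
            st->overruns++;
        else if (errno != EINTR)
            return -1;
    }
}
```

A non-zero `overruns` count after a drain pass is the signal worth exporting from a firewall logger, since it marks a window in which connection events went unrecorded.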