conntrackd: cthelper: add QueueLen option

This patch adds the QueueLen option, that allows you to increase
the maximum number of packets waiting in the nfnetlink_queue to
receive a verdict from userspace.

Rising the default value (1024) is useful to avoid hitting the following
error message: "nf_queue: full at X entries, dropping packets(s)".

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 13 insertions, 0 deletions

diff --git a/doc/helper/conntrackd.conf b/doc/helper/conntrackd.conf
index 80f1f92..56f5162 100644
--- a/doc/helper/conntrackd.conf
+++ b/doc/helper/conntrackd.conf
@@ -14,6 +14,16 @@ Helper {
 		# the kernel.
 		#
 		QueueNum 0
+
+		#
+		# Maximum number of packets waiting in the queue to receive
+		# a verdict from user-space. Default is 1024.
+		#
+		# Rise value if you hit the following error message:
+		# "nf_queue: full at X entries, dropping packets(s)"
+		#
+		QueueLen 10240
+
 		#
 		# Set the Expectation policy for this helper.
 		#
@@ -30,6 +40,7 @@ Helper {
 	}
 	Type rpc inet tcp {
 		QueueNum 1
+		QueueLen 10240
 		Policy rpc {
 			ExpectMax 1
 			ExpectTimeout 300
@@ -37,6 +48,7 @@ Helper {
 	}
 	Type rpc inet udp {
 		QueueNum 2
+		QueueLen 10240
 		Policy rpc {
 			ExpectMax 1
 			ExpectTimeout 300
@@ -44,6 +56,7 @@ Helper {
 	}
 	Type tns inet tcp {
 		QueueNum 3
+		QueueLen 10240
 		Policy tns {
 			ExpectMax 1
 			ExpectTimeout 300