run: limit the number of iterations over the event handling

Currently, the event handling can starve other event file
descriptors. This patch limits the number of event handling
iterations. The parameter is tunable via configuration file.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 10 insertions, 1 deletions

diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 69a7eff..274bfc3 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -59,7 +59,7 @@ static void __kernel_filter_add_state(int value);
 %token T_SYSLOG T_WRITE_THROUGH T_STAT_BUFFER_SIZE T_DESTROY_TIMEOUT
 %token T_MCAST_RCVBUFF T_MCAST_SNDBUFF T_NOTRACK
 %token T_FILTER T_ADDRESS T_PROTOCOL T_STATE T_ACCEPT T_IGNORE
-%token T_FROM T_USERSPACE T_KERNELSPACE
+%token T_FROM T_USERSPACE T_KERNELSPACE T_EVENT_ITER_LIMIT
 
 %token <string> T_IP T_PATH_VAL
 %token <val> T_NUMBER
@@ -681,6 +681,7 @@ general_line: hashsize
 	    | netlink_buffer_size
 	    | netlink_buffer_size_max_grown
 	    | family
+	    | event_iterations_limit
 	    | filter
 	    ;
 
@@ -702,6 +703,11 @@ family : T_FAMILY T_STRING
 		conf.family = AF_INET;
 };
 
+event_iterations_limit : T_EVENT_ITER_LIMIT T_NUMBER
+{
+	CONFIG(event_iterations_limit) = $2;
+};
+
 filter : T_FILTER '{' filter_list '}'
 {
 	CONFIG(filter_from_kernelspace) = 0;
@@ -1096,5 +1102,8 @@ init_config(char *filename)
 	if (conf.flags & CTD_SYNC_FTFW && CONFIG(del_timeout) == 0)
 		CONFIG(del_timeout) = 240;
 
+	if (CONFIG(event_iterations_limit) == 0)
+		CONFIG(event_iterations_limit) = 100;
+
 	return 0;
 }