author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-01-15 23:19:35 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-01-15 23:19:35 +0100 |
commit | b28224b0326636ff5832b38817b7720f48070ee7 (patch) | |
tree | e1b6856b8c852d9c672af2559e17ecab78355246 /src/run.c | |
parent | 4556b3fb39dd80e958ff70f3496d06ec04f3839d (diff) | |
download | conntrack-tools-b28224b0326636ff5832b38817b7720f48070ee7.tar.gz conntrack-tools-b28224b0326636ff5832b38817b7720f48070ee7.zip |
run: limit the number of iterations over the event handling
Currently, the event handling can starve other event file
descriptors. This patch limits the number of event handling
iterations. The parameter is tunable via configuration file.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/run.c')
-rw-r--r-- | src/run.c | 11 |
1 files changed, 8 insertions, 3 deletions
@@ -219,7 +219,7 @@ static int event_handler(enum nf_conntrack_msg_type type,
 /* skip user-space filtering if already do it in the kernel */
 if (ct_filter_conntrack(ct, !CONFIG(filter_from_kernelspace))) {
 STATE(stats).nl_events_filtered++;
- return NFCT_CB_STOP;
+ goto out;
 }
 switch(type) {
@@ -238,7 +238,12 @@ static int event_handler(enum nf_conntrack_msg_type type,
 break;
 }
- return NFCT_CB_CONTINUE;
+out:
+ if (STATE(event_iterations_limit)-- <= 0) {
+ STATE(event_iterations_limit) = CONFIG(event_iterations_limit);
+ return NFCT_CB_STOP;
+ } else
+ return NFCT_CB_CONTINUE;
 }
 static int dump_handler(enum nf_conntrack_msg_type type,
@@ -397,7 +402,7 @@ static void __run(struct timeval *next_alarm)
 /* conntrack event has happened */
 if (FD_ISSET(nfct_fd(STATE(event)), &readfds)) {
- while ((ret = nfct_catch(STATE(event))) != -1);
+ ret = nfct_catch(STATE(event));
 if (ret == -1) {
 switch(errno) {
 case ENOBUFS: |
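Review bot: The post-decrement test at the `out:` label returns NFCT_CB_STOP only after limit+1 callbacks, and nothing in this hunk guards against a configured limit of zero or less, in which case every callback would end the batch after a single event. Whether `CONFIG(event_iterations_limit)` is range-checked is decided where the configuration is parsed, which this diff does not show, so a lower bound there is worth confirming. I would also add a comment above the test, `/* budget spent: return to the select() loop so the other descriptors get served */`, and mention that the `goto out` in the first hunk makes filtered events spend the same budget. event_handler starts outside the hunk.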
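Review bot: With the drain loop gone, the single `nfct_catch()` call leaves unread events queued on the netlink socket between wake-ups, so a burst is presumably more likely to reach the `ENOBUFS` case below than it was before; the commit message covers starvation but not this trade-off. A comment on the new line would record the intent, for example `/* one bounded batch per wake-up; the fd stays readable, so select() brings us back for the rest */`. The documentation for the new option should also say that a lower limit buys fairness at the cost of more event-socket overruns under load. __run and the error switch continue outside the hunk.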