author: Pablo Neira Ayuso <pablo@netfilter.org>, 2009-01-15 23:19:58 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org>, 2009-01-15 23:19:58 +0100
commit: 2cacd3a802510bde43e23cf4c7d39f51a2eaf460
tree: 0f14343829df1fee20549a22544060b21587a841 /src/sync-notrack.c
parent: 8dce3504fde7da933dc6e7ecfeb99b4b45125f32
run: relax resynchronization algorithm when netlink overruns
This patch relaxes the current approach when netlink reports overruns. There are two situations that can trigger a resynchronization with the kernel conntrack table:

a) Netlink overruns because the receiver buffer is too small: increase the netlink buffer size and schedule a resync with the kernel conntrack table to resolve the inconsistency. The sysadmin would notice in the logs and will try to set a bigger buffer in the configuration file.

b) The system is under heavy workload (CPU is too busy): we should avoid resync with the kernel table since this is an expensive operation. We do our best here and keep replicating as many states as possible. If CPU consumption lowers at some point, then we will try to resync ourselves.

This patch reduces the chances to resynchronize with the kernel conntrack table unless two overruns do not happen in an interval of 30 seconds.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/sync-notrack.c')
0 files changed, 0 insertions, 0 deletions
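
One reading of the policy in the commit message, as an added C sketch that is not conntrackd's code: every overrun grows the buffer and re-arms a 30-second timer, and the expensive kernel table resync runs only once that timer expires with no further overrun. The struct, function names, buffer sizes and one-second tick are assumptions made for illustration; only the 30-second interval comes from the message.

```c
#include <stdbool.h>
#include <stddef.h>

#define RESYNC_INTERVAL 30            /* seconds; the interval named in the commit message */

/* Hypothetical state for this sketch; not conntrackd's own structures. */
struct resync_state {
    size_t   bufsize, bufsize_max;    /* netlink receive buffer size and its cap */
    long     resync_at;               /* when the pending resync fires, -1 if none */
    unsigned resyncs;                 /* kernel table resyncs performed so far */
};

/* The netlink socket reported an overrun (ENOBUFS) at time `now`. */
void on_overrun(struct resync_state *s, long now)
{
    /* Case a): the buffer may be too small, so grow it up to the cap. */
    if (s->bufsize < s->bufsize_max) {
        s->bufsize *= 2;
        if (s->bufsize > s->bufsize_max)
            s->bufsize = s->bufsize_max;
    }
    /* Case b): re-arm rather than resync now. An overrun that arrives while a
     * resync is pending pushes it back, so a busy system never pays for one. */
    s->resync_at = now + RESYNC_INTERVAL;
}

/* Main-loop tick: resync only after a full interval without overruns. */
bool on_tick(struct resync_state *s, long now)
{
    if (s->resync_at < 0 || now < s->resync_at)
        return false;
    s->resync_at = -1;
    s->resyncs++;                     /* stand-in for dumping the kernel table */
    return true;
}

/* Replay constructed overrun timestamps (sorted, seconds), one tick per second. */
unsigned simulate(const long *overruns, size_t n, long end, size_t *final_bufsize)
{
    struct resync_state s = { 4096, 16384, -1, 0 };
    size_t i = 0;
    for (long t = 0; t <= end; t++) {
        while (i < n && overruns[i] == t) { on_overrun(&s, t); i++; }
        on_tick(&s, t);
    }
    if (final_bufsize)
        *final_bufsize = s.bufsize;
    return s.resyncs;
}
```

While overruns keep arriving closer than 30 seconds apart, the replica stays out of step with the kernel table, so in a firewall failover pair the backup may hold stale connection state until the load drops.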