conntrackd: change scheduler and priority via configuration file

With this patch, you can change the scheduler policy and priority
for conntrackd. Using a RT scheduler policy reduces the chances to
hit ENOBUFS in Netlink.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

3 files changed, 51 insertions, 1 deletions

diff --git a/src/main.c b/src/main.c
index 62ae599..7507ae5 100644
--- a/src/main.c
+++ b/src/main.c
@@ -26,6 +26,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <sched.h>
 #include <limits.h>
 
 struct ct_general_state st;
@@ -296,6 +297,23 @@ int main(int argc, char *argv[])
 	close(ret);
 
 	/*
+	 * Setting process priority and scheduler
+	 */
+	nice(CONFIG(nice));
+
+	if (CONFIG(sched).type != SCHED_OTHER) {
+		struct sched_param schedparam = {
+			.sched_priority = CONFIG(sched).prio,
+		};
+
+		ret = sched_setscheduler(0, CONFIG(sched).type, &schedparam);
+		if (ret == -1) {
+			perror("sched");
+			exit(EXIT_FAILURE);
+		}
+	}
+
+	/*
 	 * initialization process
 	 */
 
@@ -309,7 +327,6 @@ int main(int argc, char *argv[])
 
 	chdir("/");
 	close(STDIN_FILENO);
-	nice(CONFIG(nice));
 
 	/* Daemonize conntrackd */
 	if (type == DAEMON) {
diff --git a/src/read_config_lex.l b/src/read_config_lex.l
index 44ccf0b..3d5913e 100644
--- a/src/read_config_lex.l
+++ b/src/read_config_lex.l
@@ -132,6 +132,9 @@ notrack		[N|n][O|o][T|t][R|r][A|a][C|c][K|k]
 "PollSecs"			{ return T_POLL_SECS; }
 "NetlinkOverrunResync"		{ return T_NETLINK_OVERRUN_RESYNC; }
 "Nice"				{ return T_NICE; }
+"Scheduler"			{ return T_SCHEDULER; }
+"Type"				{ return T_TYPE; }
+"Priority"			{ return T_PRIO; }
 
 {is_on}			{ return T_ON; }
 {is_off}		{ return T_OFF; }
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 152f33e..56fd2f8 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -29,6 +29,7 @@
 #include "bitops.h"
 #include "cidr.h"
 #include <syslog.h>
+#include <sched.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
 
@@ -70,6 +71,7 @@ static void __max_dedicated_links_reached(void);
 %token T_FILTER T_ADDRESS T_PROTOCOL T_STATE T_ACCEPT T_IGNORE
 %token T_FROM T_USERSPACE T_KERNELSPACE T_EVENT_ITER_LIMIT T_DEFAULT
 %token T_NETLINK_OVERRUN_RESYNC T_NICE T_IPV4_DEST_ADDR T_IPV6_DEST_ADDR
+%token T_SCHEDULER T_TYPE T_PRIO
 
 %token <string> T_IP T_PATH_VAL
 %token <val> T_NUMBER
@@ -870,6 +872,7 @@ general_line: hashsize
 	    | filter
 	    | netlink_overrun_resync
 	    | nice
+	    | scheduler
 	    ;
 
 netlink_buffer_size: T_BUFFER_SIZE T_NUMBER
@@ -902,6 +905,33 @@ nice : T_NICE T_SIGNED_NUMBER
 	conf.nice = $2;
 };
 
+scheduler : T_SCHEDULER '{' scheduler_options '}';
+
+scheduler_options :
+		  | scheduler_options scheduler_line
+		  ;
+
+scheduler_line : T_TYPE T_STRING
+{
+	if (strcasecmp($2, "rr") == 0) {
+		conf.sched.type = SCHED_RR;
+	} else if (strcasecmp($2, "fifo") == 0) {
+		conf.sched.type = SCHED_FIFO;
+	} else {
+		print_err(CTD_CFG_ERROR, "unknown scheduler `%s'", $2);
+		exit(EXIT_FAILURE);
+	}
+};
+
+scheduler_line : T_PRIO T_NUMBER
+{
+	conf.sched.prio = $2;
+	if (conf.sched.prio < 0 || conf.sched.prio > 99) {
+		print_err(CTD_CFG_ERROR, "`Priority' must be [0, 99]\n", $2);
+		exit(EXIT_FAILURE);
+	}
+};
+
 family : T_FAMILY T_STRING
 {
 	if (strncmp($2, "IPv6", strlen("IPv6")) == 0)