From febb3cceac1889fb6558b8ef40ac733072fdcd47 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 10 Sep 2012 13:17:24 +0200
Subject: conntrackd: cthelper: add QueueLen option

This patch adds the QueueLen option, that allows you to increase
the maximum number of packets waiting in the nfnetlink_queue to
receive a verdict from userspace.

Rising the default value (1024) is useful to avoid hitting the following
error message: "nf_queue: full at X entries, dropping packets(s)".

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/cthelper.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src/cthelper.c')

diff --git a/src/cthelper.c b/src/cthelper.c
index c119869..307be96 100644
--- a/src/cthelper.c
+++ b/src/cthelper.c
@@ -353,8 +353,9 @@ static int cthelper_setup(struct ctd_helper_instance *cur)
 	nfct_helper_attr_set_u32(t, NFCTH_ATTR_STATUS,
 					NFCT_HELPER_STATUS_ENABLED);
 
-	dlog(LOG_NOTICE, "configuring helper `%s' with queuenum=%d",
-		cur->helper->name, cur->queue_num);
+	dlog(LOG_NOTICE, "configuring helper `%s' with queuenum=%d and "
+			 "queuelen=%d", cur->helper->name, cur->queue_num,
+			 cur->queue_len);
 
 	for (j=0; j<CTD_HELPER_POLICY_MAX; j++) {
 		struct nfct_helper_policy *p;
@@ -433,6 +434,7 @@ static int cthelper_nfqueue_setup(struct ctd_helper_instance *cur)
 	nfq_nlmsg_cfg_put_params(nlh, NFQNL_COPY_PACKET, 0xffff);
 	mnl_attr_put_u32(nlh, NFQA_CFG_FLAGS, htonl(NFQA_CFG_F_CONNTRACK));
 	mnl_attr_put_u32(nlh, NFQA_CFG_MASK, htonl(0xffffffff));
+	mnl_attr_put_u32(nlh, NFQA_CFG_QUEUE_MAXLEN, htonl(cur->queue_len));
 
 	if (mnl_socket_sendto(STATE_CTH(nl), nlh, nlh->nlmsg_len) < 0) {
 		dlog(LOG_ERR, "failed to send configuration");
-- 
cgit v1.2.3