queue_maxlen

queue_maxlen

[robert]

Does NFQUEUE use the value in /proc/sys/net/ip_queue_maxlen?  If not,  
is it possible to modify the maximum queue length for NFQUEUE?

cheers,
robert

Re: queue_maxlen

[Eric Leblond]

Hi,

Le mardi 17 octobre 2006 à 15:43 -0700, robert a écrit :
> Does NFQUEUE use the value in /proc/sys/net/ip_queue_maxlen?  If not,  
> is it possible to modify the maximum queue length for NFQUEUE?

Not with vanilla tree.

I've post a patch to enable it some times ago but It has not been
incorporated into main tree :

http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=3628
http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=3629

With that patch it is possible to do so on a per-queue basis by using
the new function nfq_set_queue_maxlen.

BR,
--
Eric Leblond

Re: queue_maxlen

[Patrick McHardy]

Eric Leblond wrote:
> Hi,
> 
> Le mardi 17 octobre 2006 à 15:43 -0700, robert a écrit :
> 
>>Does NFQUEUE use the value in /proc/sys/net/ip_queue_maxlen?  If not,  
>>is it possible to modify the maximum queue length for NFQUEUE?
> 
> 
> Not with vanilla tree.
> 
> I've post a patch to enable it some times ago but It has not been
> incorporated into main tree :
> 
> http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=3628
> http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=3629
> 
> With that patch it is possible to do so on a per-queue basis by using
> the new function nfq_set_queue_maxlen.

Please resend, I probably missed it.

[Patch 1/2] queue_maxlen

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 862 bytes --]

Hi,

Here's the kernel patch for queue_maxlen settings.

BR,

Le vendredi 20 octobre 2006 à 12:03 +0200, Patrick McHardy a écrit :
> Eric Leblond wrote:
> > Hi,
> > 
> > Le mardi 17 octobre 2006 à 15:43 -0700, robert a écrit :
> > 
> >>Does NFQUEUE use the value in /proc/sys/net/ip_queue_maxlen?  If not,  
> >>is it possible to modify the maximum queue length for NFQUEUE?
> > 
> > 
> > Not with vanilla tree.
> > 
> > I've post a patch to enable it some times ago but It has not been
> > incorporated into main tree :
> > 
> > http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=3628
> > http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=3629
> > 
> > With that patch it is possible to do so on a per-queue basis by using
> > the new function nfq_set_queue_maxlen.
> 
> Please resend, I probably missed it.
> 
> 

[-- Attachment #2: specify-queue-max-length-from-userspace.patch --]
[-- Type: text/x-vhdl, Size: 1187 bytes --]

------------------------------------------------------------------------
 
Signed-off-by: Eric Leblond <eric@inl.fr>
 
 
---
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
index 9e77437..22ffac0 100644
--- a/include/linux/netfilter/nfnetlink_queue.h
+++ b/include/linux/netfilter/nfnetlink_queue.h
@@ -82,6 +82,7 @@ enum nfqnl_attr_config {
 	NFQA_CFG_UNSPEC,
 	NFQA_CFG_CMD,			/* nfqnl_msg_config_cmd */
 	NFQA_CFG_PARAMS,		/* nfqnl_msg_config_params */
+	NFQA_CFG_QUEUE_MAXLEN,		/* u_int32_t */
 	__NFQA_CFG_MAX
 };
 #define NFQA_CFG_MAX (__NFQA_CFG_MAX-1)
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 86a4ac3..936c86b 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -939,6 +939,14 @@ nfqnl_recv_config(struct sock *ctnl, str
 				ntohl(params->copy_range));
 	}
 
+	if (nfqa[NFQA_CFG_QUEUE_MAXLEN-1]) {
+		u_int32_t *queue_maxlen;
+		queue_maxlen = NFA_DATA(nfqa[NFQA_CFG_QUEUE_MAXLEN-1]);
+		spin_lock_bh(&queue->lock);
+		queue->queue_maxlen = ntohl(*queue_maxlen);
+		spin_unlock_bh(&queue->lock);
+	}
+
 out_put:
 	instance_put(queue);
 	return ret;

Re: [Patch 1/2] queue_maxlen

[Patrick McHardy]

Eric Leblond wrote:
> Here's the kernel patch for queue_maxlen settings.

This looks fine, but the merge window for 2.6.19 is closed.
I'm going to queue this in my inbox for 2.6.20 until Dave
opens his net-2.6.20 tree, but I might ask for a resend if
it stops applying for some reason.

[Patch 2/2] queue_maxlen

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 866 bytes --]

Hi,

Here's the userspace patch against libnetfilter_queue.

BR,

Le vendredi 20 octobre 2006 à 12:03 +0200, Patrick McHardy a écrit :
> Eric Leblond wrote:
> > Hi,
> > 
> > Le mardi 17 octobre 2006 à 15:43 -0700, robert a écrit :
> > 
> >>Does NFQUEUE use the value in /proc/sys/net/ip_queue_maxlen?  If not,  
> >>is it possible to modify the maximum queue length for NFQUEUE?
> > 
> > 
> > Not with vanilla tree.
> > 
> > I've post a patch to enable it some times ago but It has not been
> > incorporated into main tree :
> > 
> > http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=3628
> > http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=3629
> > 
> > With that patch it is possible to do so on a per-queue basis by using
> > the new function nfq_set_queue_maxlen.
> 
> Please resend, I probably missed it.
> 
> 

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: libnetfilter_queue-specify-queue-max-length-from-userspace.patch --]
[-- Type: text/x-vhdl; name=libnetfilter_queue-specify-queue-max-length-from-userspace.patch; charset=us-ascii, Size: 2712 bytes --]

------------------------------------------------------------------------
 
Signed-off-by: Eric Leblond <eric@inl.fr>
 
 
---


Index: include/libnetfilter_queue/linux_nfnetlink_queue.h
===================================================================
--- include/libnetfilter_queue/linux_nfnetlink_queue.h	(révision 6470)
+++ include/libnetfilter_queue/linux_nfnetlink_queue.h	(copie de travail)
@@ -1,13 +1,13 @@
 #ifndef _NFNETLINK_QUEUE_H
 #define _NFNETLINK_QUEUE_H
 
-#include <linux/types.h>
-#include <libnfnetlink/linux_nfnetlink.h>
-
 #ifndef aligned_u64
 #define aligned_u64 unsigned long long __attribute__((aligned(8)))
 #endif
 
+#include <linux/types.h>
+#include <libnfnetlink/linux_nfnetlink.h>
+
 enum nfqnl_msg_types {
 	NFQNL_MSG_PACKET,		/* packet from kernel to userspace */
 	NFQNL_MSG_VERDICT,		/* verdict from userspace to kernel */
@@ -86,6 +86,7 @@
 	NFQA_CFG_UNSPEC,
 	NFQA_CFG_CMD,			/* nfqnl_msg_config_cmd */
 	NFQA_CFG_PARAMS,		/* nfqnl_msg_config_params */
+	NFQA_CFG_QUEUE_MAXLEN,		/* u_int32_t */
 	__NFQA_CFG_MAX
 };
 #define NFQA_CFG_MAX (__NFQA_CFG_MAX-1)
Index: include/libnetfilter_queue/libnetfilter_queue.h
===================================================================
--- include/libnetfilter_queue/libnetfilter_queue.h	(révision 6470)
+++ include/libnetfilter_queue/libnetfilter_queue.h	(copie de travail)
@@ -49,6 +49,9 @@
 extern int nfq_set_mode(struct nfq_q_handle *qh,
 			  u_int8_t mode, unsigned int len);
 
+int nfq_set_queue_maxlen(struct nfq_q_handle *qh,
+			u_int32_t queuelen);
+
 extern int nfq_set_verdict(struct nfq_q_handle *qh,
 			     u_int32_t id,
 			     u_int32_t verdict,
Index: src/libnetfilter_queue.c
===================================================================
--- src/libnetfilter_queue.c	(révision 6470)
+++ src/libnetfilter_queue.c	(copie de travail)
@@ -288,6 +288,23 @@
 	return nfnl_talk(qh->h->nfnlh, nmh, 0, 0, NULL, NULL, NULL);
 }
 
+int nfq_set_queue_maxlen(struct nfq_q_handle *qh,
+				u_int32_t queuelen)
+{
+	char buf[NFNL_HEADER_LEN
+		+NFA_LENGTH(sizeof(struct nfqnl_msg_config_params))];
+	u_int32_t queue_maxlen = htonl(queuelen);
+	struct nlmsghdr *nmh = (struct nlmsghdr *) buf;
+
+	nfnl_fill_hdr(qh->h->nfnlssh, nmh, 0, AF_UNSPEC, qh->id,
+			NFQNL_MSG_CONFIG, NLM_F_REQUEST|NLM_F_ACK);
+
+	nfnl_addattr_l(nmh, sizeof(buf), NFQA_CFG_QUEUE_MAXLEN, &queue_maxlen,
+			sizeof(queue_maxlen));
+
+	return nfnl_talk(qh->h->nfnlh, nmh, 0, 0, NULL, NULL, NULL);
+}
+
 static int __set_verdict(struct nfq_q_handle *qh, u_int32_t id,
 		u_int32_t verdict, u_int32_t mark, int set_mark,
 		u_int32_t data_len, unsigned char *data)