From: Eric Leblond <eric@regit.org>
To: netfilter@vger.kernel.org
Cc: netfilter-devel@vger.kernel.org, pablo@netfilter.org,
Eric Leblond <eric@regit.org>
Subject: [libnetfilter_queue PATCH 1/2] doxygen: improve fail-open documentation.
Date: Sun, 13 Jan 2013 23:49:35 +0100 [thread overview]
Message-ID: <1358117376-7522-1-git-send-email-eric@regit.org> (raw)
In-Reply-To: <1358117216.4629.2.camel@tiger2>
---
src/libnetfilter_queue.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index 9fe9dfa..f93ac66 100644
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -87,6 +87,8 @@
* (requires Linux kernel >= 2.6.30).
* - see --queue-balance option in NFQUEUE target for multi-threaded apps
* (it requires Linux kernel >= 2.6.31).
+ * - consider using fail-open option see nfq_set_queue_flags() (it requires
+ * Linux kernel >= 3.6)
*/
struct nfq_handle
@@ -620,6 +622,12 @@ int nfq_set_mode(struct nfq_q_handle *qh,
flags &= ~NFQA_CFG_F_FAIL_OPEN;
err = nfq_set_queue_flags(qh, mask, flags);
\endverbatim
+ *
+ * If NFQA_CFG_F_FAIL_OPEN is used, the kernel will accept instead of
+ * drop packets that should have been enqueued to a full queue. This
+ * results in the system being able to handle high network load but at
+ * the depend of the control on the packets.
+ *
* \return -1 on error with errno set appropriately; =0 otherwise.
*/
int nfq_set_queue_flags(struct nfq_q_handle *qh,
--
1.7.10.4
next prev parent reply other threads:[~2013-01-13 22:49 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-12 12:43 libnetfilter_queue issues dorian
2013-01-12 13:23 ` Felix
2013-01-12 19:04 ` Eric Leblond
2013-01-12 19:00 ` Felix
2013-01-12 21:16 ` dorian
2013-01-12 22:12 ` Eric Leblond
2013-01-12 22:34 ` dorian
2013-01-13 11:29 ` Pablo Neira Ayuso
2013-01-13 22:46 ` Eric Leblond
2013-01-13 22:49 ` Eric Leblond [this message]
2013-01-13 22:49 ` [libnetfilter_queue PATCH 2/2] doxygen: improve documentation Eric Leblond
2013-01-14 14:24 ` libnetfilter_queue issues dorian
-- strict thread matches above, loose matches on Subject: below --
2013-01-13 23:40 [libnetfilter_queue PATCH 1/2] doxygen: improve fail-open documentation Neal Murphy
2013-01-18 0:51 ` Pablo Neira Ayuso
2013-01-18 1:20 ` Neal Murphy
2013-01-21 10:02 ` Eric Leblond
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1358117376-7522-1-git-send-email-eric@regit.org \
--to=eric@regit.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=netfilter@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.