"No buffer space available" upon ipq_read

"No buffer space available" upon ipq_read

[Christian Riechmann]

Hello,

I am sure some one can give me a short answer to the following problem:

Sometimes - for the moment I would say "randomly" - during a relative
long run upon an ipq_read request I get the error
	"Failed to receive netlink message: No buffer space available"

My questions are:
	Which buffer is meant ? 
and
	Which are some reasons for this error situation ?

I use iptables- 1.2.9 and I am pretty sure, that all packets read into
user space are verdicted. The user space program does not expand its used
memory the more it runs.

Thanks in advance for some pointers.

Christian

-- 
Christian Riechmann    E-Mail: riechmann@fgan.de
c/o FGAN/FKIE          Tel: (+49) 228/9435 345,378
Neuenahrer Strasse 20  Fax: (+49) 228/9435 685
D-53343 Wachtberg, Germany

Re: "No buffer space available" upon ipq_read

[Pablo Neira]

Christian Riechmann wrote:

>	Which buffer is meant ? 
>  
>

there's a buffer in kernel space, if I remember well, when it gets full 
the socket flag overrun is set, that's why you get that error when you 
try to read() in user space.

>and
>	Which are some reasons for this error situation ?
>  
>

kernel has sent more messages than it can storage in the buffer.

>I use iptables- 1.2.9 and I am pretty sure, that all packets read into
>user space are verdicted. The user space program does not expand its used
>memory the more it runs.
>  
>

This is netlink related, note that libipq is built on top of netlink 
sockets so it inherits this limitation.

you could fix that setting a bigger buffer via sysctl:

echo 524280 > /proc/sys/net/core/rmem_default
echo 524280 > /proc/sys/net/core/rmem_max
echo 524280 > /proc/sys/net/core/wmem_default
echo 524280 > /proc/sys/net/core/wmem_max

regards,
Pablo