nfnl_listen: recvmsg overrun: No buffer space available" in nfct_event

All of lore.kernel.org
 help / color / mirror / Atom feed

* nfnl_listen: recvmsg overrun: No buffer space available" in nfct_event_conntrack() call
@ 2007-01-31 22:31 Павел Коколемин
  2007-02-01  8:58 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 4+ messages in thread
From: Павел Коколемин @ 2007-01-31 22:31 UTC (permalink / raw)
  To: netfilter

Hello!

I am using libnetfilter_conntrack for log all connections passing via my router
(new & destroy messages).

When LAN users start network scanners (NetLook, for example),
sometimes I receive error in console:
"nfnl_listen: recvmsg overrun: No buffer space available"
generated in nfct_event_conntrack() (recvmsg() returns ENOBUFS error code).
This message generated in nfnl_listen().

When this happens, information about new/destroyed connections is lost?
How I can fix this? If this error in kernel settings?

I am using Gentoo, kernel 2.6.19-r3, try libnfnetlink-0.0.25 and
libnetfilter_conntrack-0.0.50

Pavel

PS. Sorry for my english

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: nfnl_listen: recvmsg overrun: No buffer space available" in nfct_event_conntrack() call
  2007-01-31 22:31 nfnl_listen: recvmsg overrun: No buffer space available" in nfct_event_conntrack() call Павел Коколемин
@ 2007-02-01  8:58 ` Pablo Neira Ayuso
  2007-02-01 13:56   ` Pablo Neira Ayuso
  0 siblings, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2007-02-01  8:58 UTC (permalink / raw)
  To: Павел Коколемин
  Cc: netfilter

Hi,

Павел Коколемин wrote:
> I am using libnetfilter_conntrack for log all connections passing via my 
> router (new & destroy messages).
> 
> When LAN users start network scanners (NetLook, for example),
> sometimes I receive error in console:
> "nfnl_listen: recvmsg overrun: No buffer space available"
> generated in nfct_event_conntrack() (recvmsg() returns ENOBUFS error code).
> This message generated in nfnl_listen().

Increase netlink buffer size via nfnl_rcvsiz() (libnfnetlink), the 
default size is available in /proc/sys/net/core/rmem_max. BTW, this 
message means that you have probably lost some log messages because the 
rate was so high that the buffer could not back off.

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of 
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: nfnl_listen: recvmsg overrun: No buffer space available" in nfct_event_conntrack() call
  2007-02-01  8:58 ` Pablo Neira Ayuso
@ 2007-02-01 13:56   ` Pablo Neira Ayuso
  2007-02-01 17:31     ` Павел Коколемин
  0 siblings, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2007-02-01 13:56 UTC (permalink / raw)
  To: Павел Коколемин
  Cc: netfilter

Pablo Neira Ayuso wrote:
> Павел Коколемин wrote:
>> When LAN users start network scanners (NetLook, for example),
>> sometimes I receive error in console:
>> "nfnl_listen: recvmsg overrun: No buffer space available"
>> generated in nfct_event_conntrack() (recvmsg() returns ENOBUFS error 
>> code).
>> This message generated in nfnl_listen().
> 
> Increase netlink buffer size via nfnl_rcvsiz() (libnfnetlink), the 
> default size is available in /proc/sys/net/core/rmem_max. BTW, this 
> message means that you have probably lost some log messages because the 
> rate was so high that the buffer could not back off.

Sorry, I didn't notice that there is no way to access nfnl_handle from 
libnetfilter_conntrack, instead use setsockopt(nfct_fd(h), SOL_SOCKET, 
SO_RCVBUFFORCE, &size, socklen) to set the buffer size. Anyway I'll cook 
a patch for this asap, this issue is important.

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of 
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: nfnl_listen: recvmsg overrun: No buffer space available" in nfct_event_conntrack() call
  2007-02-01 13:56   ` Pablo Neira Ayuso
@ 2007-02-01 17:31     ` Павел Коколемин
  0 siblings, 0 replies; 4+ messages in thread
From: Павел Коколемин @ 2007-02-01 17:31 UTC (permalink / raw)
  To: netfilter

2007/2/1, Pablo Neira Ayuso <pablo@netfilter.org>:
> Pablo Neira Ayuso wrote:
> > Increase netlink buffer size via nfnl_rcvsiz() (libnfnetlink), the
> > default size is available in /proc/sys/net/core/rmem_max. BTW, this
> > message means that you have probably lost some log messages because the
> > rate was so high that the buffer could not back off.
>
> Sorry, I didn't notice that there is no way to access nfnl_handle from
> libnetfilter_conntrack, instead use setsockopt(nfct_fd(h), SOL_SOCKET,
> SO_RCVBUFFORCE, &size, socklen) to set the buffer size. Anyway I'll cook
> a patch for this asap, this issue is important.

Thanks! This is solved problem!
nfnl_rcvbufsiz call doesn't change rmem_max value in my system
(probably, flag SO_RCVBUFFORCE has no effect), but I set this value manual:
echo 8388608 > /proc/sys/net/core/rmem_max


Pavel


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2007-02-01 17:31 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-01-31 22:31 nfnl_listen: recvmsg overrun: No buffer space available" in nfct_event_conntrack() call Павел Коколемин
2007-02-01  8:58 ` Pablo Neira Ayuso
2007-02-01 13:56   ` Pablo Neira Ayuso
2007-02-01 17:31     ` Павел Коколемин

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.