Re: NFLOG - missing packets?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Anton <anton.vazir@gmail.com>, Eric Leblond <eric@inl.fr>,
	netfilter-devel@vger.kernel.org
Subject: Re: NFLOG - missing packets?
Date: Wed, 14 May 2008 19:53:47 +0200	[thread overview]
Message-ID: <482B272B.3040906@trash.net> (raw)
In-Reply-To: <482B2626.8080902@netfilter.org>

Pablo Neira Ayuso wrote:
> Anton wrote:
>> Just some extra results,
>>
>> seems DB drivers does such a difference, since while logging 
>> to LOGEMU (only) target - I've go result which looks true. 
>> But - If I enable DB logger - results in DB and LOGEMU - 
>> are the same. Looks like DB transfers makes ULOG to not 
>> accept packets from kernelspace
> 
> The problem is netlink that cannot back off. Netlink is the underlying
> communication subsystem that we use to communicate kernel with usepace
> space. Since Netlink is unreliable, some log messages can vanish under
> heavy load. I guess that database insertions consumes lots of CPU
> resouces. Thus, doing online database logging in a scalable manner turns
> really hard. Instead, if you need scalability, I'd suggest to use logemu
> or whatever plain text logging facility and then convert it to a
> database *offline* if you really need advanced queries.


Yeah, but what we can do is check whether the message
was successfully transmitted in the kernel and drop
the packet in case it wasn't. That should catch 99.9%
of all error cases since a slow databse effectively
only causes the process to read less often from the
netlink socket.

I still have a very old and unfinished patch for this
somewhere ...

next prev parent reply	other threads:[~2008-05-14 17:53 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-05-10 11:57 NFLOG - missing packets? Anton
2008-05-10 12:50 ` Anton
2008-05-11 16:18   ` Eric Leblond
2008-05-12  7:24     ` Anton
2008-05-14 17:49       ` Pablo Neira Ayuso
2008-05-14 17:53         ` Patrick McHardy [this message]
2008-05-15  5:42           ` Anton
2008-05-14 23:01         ` Eric Leblond
2008-05-12  9:19     ` Anton
2008-05-12 11:53     ` Pablo Neira Ayuso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=482B272B.3040906@trash.net \
    --to=kaber@trash.net \
    --cc=anton.vazir@gmail.com \
    --cc=eric@inl.fr \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.