From: Nick <vbox.nick@gmail.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Alexander Kolesnik <alexander.kolesnik@awanti.com>,
netfilter@vger.kernel.org
Subject: Re: ulog: losing packets
Date: Mon, 02 Mar 2009 19:12:29 +0200 [thread overview]
Message-ID: <49AC137D.9000503@gmail.com> (raw)
In-Reply-To: <49ABAB0D.1030304@netfilter.org>
Pablo Neira Ayuso пишет:
> Alexander Kolesnik wrote:
>
>> Hello Pablo,
>>
>> Thanks for the answer!
>>
>>
>>>> /etc/ulogd.conf:
>>>> rmem=442368
>>>>
>> PNA> ^^^^^^
>> PNA> Rising this value will delay hitting ENOBUFS. This is the size of the
>> PNA> receiver buffer.
>>
>> 1. "delay" means I will get ENOBUFS in any case (early or later)?
>>
>
> Yes, but as said, you can tune different parameters to make it harder to
> happen, like rising qthreshold, reducing cprange, setting a lower nice
> value for ulogd.
>
>
>> 2. What ENOBUFS does depend on? Packets per second? Bytes per second?
>> Amount of iptables/shaping rules? CPU performance?
>>
>
> On the queue size, bytes/s sent to ulogd and on how slow ulogd is
> reading messages.
>
>
>> 3. Is there any way to calculate or predict the high limit of
>> traffic rate/number of rules/etc when the system will still manage to
>> process ULOG without alerting with ENOBUFS?
>>
>
> I don't know any, at least yet.
>
>
>> 4. ipcad buffers (I suppose this is the same as rmem for ulogd) is set
>> to 4M:
>> /etc/ipcad.conf:
>> buffers = 4194304;
>> But I'm still losing ULOG messages. Does that mean I have to rise this
>> value more?
>>
>
> Rising the value to the infinite is not either a solution, you'll hit
> ENOBUFS sooner or later.
>
>
I experimented with the configuration, but never succeeded. Packages are
lost after 2MBit/s. For the solution of the problem I used other package
- ulog-acctd. It's works perfect.
--
With best regards, Nikolay Ilkevich.
prev parent reply other threads:[~2009-03-02 17:12 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-27 14:26 ulog: losing packets Alexander Kolesnik
2009-03-01 10:14 ` Pablo Neira Ayuso
2009-03-02 7:57 ` Re[2]: " Alexander Kolesnik
2009-03-02 9:46 ` Pablo Neira Ayuso
2009-03-02 17:12 ` Nick [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49AC137D.9000503@gmail.com \
--to=vbox.nick@gmail.com \
--cc=alexander.kolesnik@awanti.com \
--cc=netfilter@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.