netfilter-devel.vger.kernel.org archive mirror
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Cc: Netfilter Development Mailing list <netfilter-devel@vger.kernel.org>
Subject: Re: [conntrackd PATCH 2/2 v2] conntrackd: add systemd support
Date: Wed, 11 Nov 2015 16:59:33 +0100
Message-ID: <20151111155933.GA20284@salvia>
In-Reply-To: <CAOkSjBh92vvnW2UV=6E3V8ha1+wRi0+eLuPcoyPQku1K0SCakw@mail.gmail.com>

On Fri, Nov 06, 2015 at 04:59:22PM +0100, Arturo Borrero Gonzalez wrote:
> On 6 November 2015 at 14:53, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> >> +void sd_ct_watchdog_init(void)
> >> +{
> >> +     /* ignoring systemd API erros: only care if admin expects watchdog */
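
Review bot: the comment at the top of sd_ct_watchdog_init() has a typo ("erros") and does not say which results are being ignored. Suggest spelling them out, for example "a negative return (error) and 0 (watchdog not requested) both mean we run without the watchdog", so the intent is clear without reading the systemd man page.
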
> >
> > Not sure what you mean with this comment.
> 
> The API call may return:
>  * negative errno-style error code
>  * 0 if watchdog is not expected by systemd for this daemon
>  * >0 if watchdog is expected by systemd for this daemon
> 
> My patch ignores the 2 first options, we only continue executing this
> function if watchdog is expected by systemd (i.e, the admin configured
> it).

I think it is a good idea to report that no systemd watchdog is going
on through log messages.

> I ignored errors because I would not like to exit conntrackd if there
> is some issue in the systemd side, just ignore it.
> 
> >
> >> +     if (sd_watchdog_enabled(0, &sd_watchdog_interval) < 1)
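
Review bot: the `< 1` test on sd_watchdog_enabled() treats a negative errno-style return the same as the 0 "not expected" return, and no log message is visible here, so a failed query cannot be told apart from an unconfigured watchdog. Suggest storing the return value, logging the error when it is negative and an informational line when it is 0, and continuing without the watchdog in both cases.
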
> >
> > So sd_watchdog_enabled is setting sd_watchdog_interval?
> >
> > What is the value that sd_watchdog_interval is being set?
> >
> 
> Yes, only if sd_watchdog_enabled returned >0.
> 
> From the man page:
> 
> ""
> int sd_watchdog_enabled(int unset_environment, uint64_t *usec);
> [...]
> If the usec parameter is non-NULL, sd_watchdog_enabled() will write
> the timeout in µs for the watchdog logic to it.
> ""

I guess this is configured from systemd, what is the default?

On top of this, I wonder if we should have a configuration option from
our configuration file, something that allows us to do "Systemd Off".
I would suggest defaulting to "Systemd On" if not specified, given that
main distros decided to follow this path.

After this patch, we can only enable/disable systemd integration at
configuration/compilation stage, however I expect most users will be
using packages from distros. I think it would be good to provide them
a runtime way to disable this if they don't want any interference with
their existing infrastructure.

Does this sound reasonable to you? Other than that above, this patch
looks good to me.
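
The three return cases discussed above, with the log messages and the runtime off switch asked for in this reply, as an added example (not conntrackd code and not part of the patch). `watchdog_query()` is a stand-in for `sd_watchdog_enabled()` that parses the `WATCHDOG_USEC` value systemd exports to a supervised service; the `systemd_on` flag, the `wd_state` enum and the log texts are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum wd_state { WD_OFF_BY_CONFIG, WD_NOT_REQUESTED, WD_ERROR, WD_ACTIVE };

/* Stand-in for sd_watchdog_enabled(0, usec), same return convention:
 * <0 errno-style error, 0 watchdog not requested, >0 requested (*usec set).
 * env is the value of WATCHDOG_USEC; the WATCHDOG_PID check is left out. */
static int watchdog_query(const char *env, uint64_t *usec)
{
	char *end;
	unsigned long long v;
	if (env == NULL)
		return 0;
	if (env[0] < '0' || env[0] > '9')	/* strtoull would accept "-5" */
		return -EINVAL;
	errno = 0;
	v = strtoull(env, &end, 10);
	if (errno != 0 || *end != '\0' || v == 0)
		return -EINVAL;
	*usec = v;
	return 1;
}

/* systemd_on models the proposed runtime option (hypothetical name).
 * Every outcome is logged and none of them stops the daemon. */
enum wd_state watchdog_init(int systemd_on, const char *env, uint64_t *ping_usec)
{
	uint64_t timeout = 0;
	int ret;
	if (!systemd_on) {
		fprintf(stderr, "systemd support disabled in configuration\n");
		return WD_OFF_BY_CONFIG;
	}
	ret = watchdog_query(env, &timeout);
	if (ret < 0) {
		fprintf(stderr, "systemd watchdog query failed (%d), continuing\n", ret);
		return WD_ERROR;
	}
	if (ret == 0) {
		fprintf(stderr, "systemd watchdog not requested for this daemon\n");
		return WD_NOT_REQUESTED;
	}
	*ping_usec = timeout / 2;	/* keep-alive at half the timeout */
	fprintf(stderr, "watchdog on, timeout %llu us\n", (unsigned long long)timeout);
	return WD_ACTIVE;
}
```

A daemon would pass `getenv("WATCHDOG_USEC")` as `env` and send its keep-alive every `ping_usec` microseconds only when the result is `WD_ACTIVE`.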

Thread overview: 5+ messages
2015-10-30  9:04 [conntrackd PATCH 2/2 v2] conntrackd: add systemd support Arturo Borrero Gonzalez
2015-11-06 13:53 ` Pablo Neira Ayuso
2015-11-06 15:59   ` Arturo Borrero Gonzalez
2015-11-11 15:59     ` Pablo Neira Ayuso [this message]
2015-11-11 18:18       ` Arturo Borrero Gonzalez
