Re: (nfnl_talk: recvmsg over-run) and (nf_queue: full at 1024 entries, dropping packets(s). Dropped: 582) - bug or just some defaults increase required?

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Anton VG <anton.vazir@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: (nfnl_talk: recvmsg over-run) and (nf_queue: full at 1024 entries, dropping packets(s). Dropped: 582) - bug or just some defaults increase required?
Date: Sun, 08 Feb 2009 02:34:11 +0100	[thread overview]
Message-ID: <498E3693.6030702@netfilter.org> (raw)
In-Reply-To: <c4b050a10902061014w3df3b2c3xe9e6465be79b4e07@mail.gmail.com>

Anton VG wrote:
> Hello Friends,
> 
> Just came to a problem with nfnetlink_queue -
> 
> I've created a service where users do connect to a host, and every
> connected user (over PPP) get's a separate NF-QUEUE -
> In this QUEUE i do packet accounting, to a different destination. When
> number of simultaneous queues went to 40+  I just came to a problem -
> deadloop with continues generation of the error to stderr - (3GB of
> record in the log in 3 minutes of deadlock)
> 
> nfnl_talk: recvmsg over-run

This happens when netlink fails to deliver a packet from kernel to
userspace due to an overrun in the buffer.

> GDB connected and backtrace showed the loop in the following:
[...]
> Also I'm watching the following in the dmesg (though, it does not kill
> the service) - but maybe somehow influences?
> 
> __ratelimit: 14 messages suppressed
> nf_queue: full at 1024 entries, dropping packets(s). Dropped: 679

This message is triggered when you exceed queue_maxlen.

> Further details: using kernel 2.6.26.5 and
> libnetfilter_queue-0.0.16
> libnfnetlink-0.0.39
> 
> Do you think that increasing the NFQNL_QMAX_DEFAULT from 1024 to 10240
> would solve the problem
> (in linux-2.6.26.5/net/netfilter/nfnetlink_queue.c) - or the problem is deeper?

That would reduce the chances to hit the printk error that you have
reported (which I think that it needs to be removed or disabled it, we
have the /proc interface to report this error, the point would be to
document this issue in the library).

For the ENOBUFS problem, what you can do is to increase the buffer size,
that will delay the appearance of the ENOBUFS problem. Please, see
nfnl_rcvbufsiz() in libnfnetlink. Increasing the priority of the process
via nice() would reduce the chances to hit ENOBUFS.

> Maybe anything like this is fixed in further versions of the kernel of
> libraries?

ENOBUFS is there to tell userspace that Netlink cannot back off. It's
not a bug, it's a feature of Netlink.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

next prev parent reply	other threads:[~2009-02-08  1:34 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-02-06 18:14 (nfnl_talk: recvmsg over-run) and (nf_queue: full at 1024 entries, dropping packets(s). Dropped: 582) - bug or just some defaults increase required? Anton VG
2009-02-08  1:34 ` Pablo Neira Ayuso [this message]
2009-02-09 10:56   ` Anton
2009-02-09 11:20     ` Pablo Neira Ayuso
2009-02-11  8:48       ` Anton
     [not found]       ` <49928B62.1090600@netfilter.org>
2009-02-11 12:26         ` Anton VG
2009-02-11 16:41           ` Pablo Neira Ayuso
2009-02-12 10:45             ` Anton
2009-02-12 12:43               ` Pablo Neira Ayuso
2009-02-14  9:03                 ` Anton
2009-02-14 17:13               ` Pablo Neira Ayuso
2009-02-16 13:19                 ` Anton
2009-02-16 13:42                   ` Pablo Neira Ayuso
2009-02-16 14:38                     ` Anton VG
2009-02-16 15:23                       ` Pablo Neira Ayuso
2009-02-16 15:33                         ` Anton VG
2009-02-16 15:41                           ` Anton VG
2009-02-17 16:58                             ` Anton VG
2009-02-17 17:15                               ` Pablo Neira Ayuso
2009-02-17 17:31                                 ` Anton VG
2009-02-18  2:48                                   ` Amos Jeffries
2009-02-17 17:34                                 ` Anton VG
2009-02-17 19:51                                   ` Pablo Neira Ayuso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=498E3693.6030702@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=anton.vazir@gmail.com \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).