(nfnl_talk: recvmsg over-run) and (nf_queue: full at 1024 entries, dropping packets(s). Dropped: 582) - bug or just some defaults increase required?

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Anton VG <anton.vazir@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: (nfnl_talk: recvmsg over-run) and (nf_queue: full at 1024 entries, dropping packets(s). Dropped: 582) - bug or just some defaults increase required?
Date: Fri, 6 Feb 2009 23:14:16 +0500	[thread overview]
Message-ID: <c4b050a10902061014w3df3b2c3xe9e6465be79b4e07@mail.gmail.com> (raw)

Hello Friends,

Just came to a problem with nfnetlink_queue -

I've created a service where users do connect to a host, and every
connected user (over PPP) get's a separate NF-QUEUE -
In this QUEUE i do packet accounting, to a different destination. When
number of simultaneous queues went to 40+  I just came to a problem -
deadloop with continues generation of the error to stderr - (3GB of
record in the log in 3 minutes of deadlock)

nfnl_talk: recvmsg over-run

GDB connected and backtrace showed the loop in the following:

in write () from /lib/libc.so.6
(gdb) bt
#0  0x00007f67b94c041f in write () from /lib/libc.so.6
#1  0x00007f67b946a743 in _IO_file_write () from /lib/libc.so.6
#2  0x00007f67b946baf8 in _IO_file_xsputn () from /lib/libc.so.6
#3  0x00007f67b9444442 in cuserid () from /lib/libc.so.6
#4  0x00007f67b944508f in vfprintf () from /lib/libc.so.6
#5  0x00007f67b944e328 in fprintf () from /lib/libc.so.6
#6  0x00007f67b930102d in nfnl_talk (nfnlh=0x53c4b0, n=<value
optimized out>, peer=<value optimized out>, groups=<value optimized
out>, answer=0x0,
    junk=0, jarg=0x0) at libnfnetlink.c:678
#7  0x00007f67b9be457f in __build_send_cfg_msg (h=0x5398d0, command=1
'\001', queuenum=<value optimized out>, pf=0) at
libnetfilter_queue.c:114
#8  0x00007f67b9be46e6 in nfq_create_queue (h=0x5398d0, num=40,
cb=0x41104a <cb>, data=0x5c8b68) at libnetfilter_queue.c:246
#9  0x0000000000410579 in nfqhandler::add_queue (this=0x53c3e0,
group=40, dev=0x551578 "ppp40", ip=318845450) at nfqlib.cpp:369
#10 0x00000000004065df in hndpptp::setda (this=0x5301a0,
pptp_pid=1505) at hndlib.cpp:418
#11 0x0000000000406b05 in hndpptp::dologin (this=0x5301a0, pi={_M_node
= 0x588a40}) at hndlib.cpp:453
#12 0x0000000000408603 in hndpptp::run (this=0x5301a0) at hndlib.cpp:268
#13 0x000000000040522c in main () at nfman.cpp:34

Also I'm watching the following in the dmesg (though, it does not kill
the service) - but maybe somehow influences?

__ratelimit: 14 messages suppressed
nf_queue: full at 1024 entries, dropping packets(s). Dropped: 679

Further details: using kernel 2.6.26.5 and
libnetfilter_queue-0.0.16
libnfnetlink-0.0.39

Do you think that increasing the NFQNL_QMAX_DEFAULT from 1024 to 10240
would solve the problem
(in linux-2.6.26.5/net/netfilter/nfnetlink_queue.c) - or the problem is deeper?

Maybe anything like this is fixed in further versions of the kernel of
libraries?

Will be grateful for any help

Anton.

next             reply	other threads:[~2009-02-06 18:14 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-02-06 18:14 Anton VG [this message]
2009-02-08  1:34 ` (nfnl_talk: recvmsg over-run) and (nf_queue: full at 1024 entries, dropping packets(s). Dropped: 582) - bug or just some defaults increase required? Pablo Neira Ayuso
2009-02-09 10:56   ` Anton
2009-02-09 11:20     ` Pablo Neira Ayuso
2009-02-11  8:48       ` Anton
     [not found]       ` <49928B62.1090600@netfilter.org>
2009-02-11 12:26         ` Anton VG
2009-02-11 16:41           ` Pablo Neira Ayuso
2009-02-12 10:45             ` Anton
2009-02-12 12:43               ` Pablo Neira Ayuso
2009-02-14  9:03                 ` Anton
2009-02-14 17:13               ` Pablo Neira Ayuso
2009-02-16 13:19                 ` Anton
2009-02-16 13:42                   ` Pablo Neira Ayuso
2009-02-16 14:38                     ` Anton VG
2009-02-16 15:23                       ` Pablo Neira Ayuso
2009-02-16 15:33                         ` Anton VG
2009-02-16 15:41                           ` Anton VG
2009-02-17 16:58                             ` Anton VG
2009-02-17 17:15                               ` Pablo Neira Ayuso
2009-02-17 17:31                                 ` Anton VG
2009-02-18  2:48                                   ` Amos Jeffries
2009-02-17 17:34                                 ` Anton VG
2009-02-17 19:51                                   ` Pablo Neira Ayuso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c4b050a10902061014w3df3b2c3xe9e6465be79b4e07@mail.gmail.com \
    --to=anton.vazir@gmail.com \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).