From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Alexander Kolesnik <Alexander.Kolesnik@awanti.com>
Cc: netfilter@vger.kernel.org
Subject: Re: ulog: losing packets
Date: Sun, 01 Mar 2009 11:14:16 +0100
Message-ID: <49AA5FF8.5010409@netfilter.org>
In-Reply-To: <547716004.20090227172654@awanti.com>

Alexander Kolesnik wrote:
> Hello,
>
> We're accounting traffic for users by ULOG-ipcad chain. Some time ago
> I've found that some of the users' traffic does not appear in ipcad. To
> check that this is not ipcad's problem I've installed ulogd and found
> the following in its log:
> Fri Feb 27 15:25:56 2009 <3> ulogd.c:487 ulogd Version 1.22 starting
> Fri Feb 27 15:25:56 2009 <5> ulogd.c:766 initialization finished, entering main loop
> Fri Feb 27 15:27:00 2009 <7> ulogd.c:777 ipulog_read == -1! ipulog_errno == 6, errno = 105
> Fri Feb 27 15:27:02 2009 <7> ulogd.c:777 ipulog_read == -1! ipulog_errno == 6, errno = 105
That means that netlink cannot back off as it is hitting ENOBUFS; thus,
you are losing log messages. Hm, ulog <= 1.24 does primitive netlink
error handling.
> I have the following settings for ulog and other stuff:
> /etc/modprobe.conf:
> options nf_conntrack hashsize=2097152
> options ipt_ULOG nlbufsiz=65535 flushtimeout=100
>
> # sysctl -a|grep rmem
> net.ipv4.tcp_rmem = 4096 87380 174760
> net.core.rmem_default = 221184
> net.core.rmem_max = 4194304
>
> /etc/ulogd.conf:
> rmem=442368
^^^^^^
Raising this value will delay hitting ENOBUFS. This is the size of the
receiver buffer.
--
"Honest people are social misfits" -- Les Luthiers
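
An added example, not part of the original message or of ulogd: it counts the ENOBUFS (errno 105) read failures in a ulogd 1.x log per minute and compares the `rmem` setting with `net.core.rmem_max`. It assumes ulogd requests `rmem` through `SO_RCVBUF`, which Linux caps at `net.core.rmem_max`; the function names and the last two sample log lines are constructed.

```python
import re
from collections import Counter

ENOBUFS = 105  # Linux errno value reported in the ulogd log quoted above

# Matches ulogd 1.x read-failure lines in the format quoted in the thread.
READ_FAIL = re.compile(
    r"^(?P<minute>\w{3} \w{3} [ \d]\d \d\d:\d\d):\d\d \d{4} <\d> ulogd\.c:\d+ "
    r"ipulog_read == -1! ipulog_errno == \d+, errno = (?P<errno>\d+)$"
)

# First three lines come from the thread; the last two are constructed.
SAMPLE_LOG = [
    "Fri Feb 27 15:25:56 2009 <5> ulogd.c:766 initialization finished, entering main loop",
    "Fri Feb 27 15:27:00 2009 <7> ulogd.c:777 ipulog_read == -1! ipulog_errno == 6, errno = 105",
    "Fri Feb 27 15:27:02 2009 <7> ulogd.c:777 ipulog_read == -1! ipulog_errno == 6, errno = 105",
    "Fri Feb 27 15:28:41 2009 <7> ulogd.c:777 ipulog_read == -1! ipulog_errno == 6, errno = 105",
    "Fri Feb 27 15:29:10 2009 <7> ulogd.c:777 ipulog_read == -1! ipulog_errno == 6, errno = 4",
]


def overruns_per_minute(lines):
    """Count ENOBUFS read failures, keyed by the log minute they occurred in."""
    hits = Counter()
    for line in lines:
        m = READ_FAIL.match(line.strip())
        # Other errno values (e.g. 4, EINTR) are not buffer overruns.
        if m and int(m["errno"]) == ENOBUFS:
            hits[m["minute"]] += 1
    return dict(hits)


def rmem_advice(overruns, ulogd_rmem, rmem_max):
    """Say which knob to turn, given ulogd.conf rmem and net.core.rmem_max."""
    if not overruns:
        return "no ENOBUFS seen"
    if ulogd_rmem < rmem_max:
        return f"raise rmem in ulogd.conf (up to {rmem_max})"
    # Assumption: a request above rmem_max is capped by the kernel.
    return "raise net.core.rmem_max first, then rmem"


if __name__ == "__main__":
    found = overruns_per_minute(SAMPLE_LOG)
    print(found)
    # Values from the thread: rmem=442368, net.core.rmem_max=4194304
    print(rmem_advice(found, 442368, 4194304))
```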