[pve-devel] [PATCH firewall] make nfct_catch non-blocking
David Limbeck
d.limbeck at proxmox.com
Thu Jan 10 13:51:48 CET 2019
On 1/10/19 1:49 PM, Wolfgang Bumiller wrote:
> On Thu, Jan 10, 2019 at 12:08:28PM +0100, David Limbeck wrote:
>> nfct_catch blocks if the callback always returns NFCT_CB_CONTINUE. this
>> works around the problem by setting the underlying file descriptor to
>> O_NONBLOCK. this should allow the callback to run multiple times and
>> catch as many events as possible before nfct_catch returns.
>>
>> Signed-off-by: David Limbeck <d.limbeck at proxmox.com>
>> ---
>> maybe this improves the ENOBUFS situation? it should result in equal or
>> more messages though as the callback is run multiple times before
>> nfct_catch returns.
> I wouldn't expect a change in the ENOBUFS situation but rather just more
> output happening which may have previously been lost from already-read
> packet parts.
>
> @Alexandre, could you give this a try?
For ENOBUFS we could try setting NETLINK_NO_ENOBUFS with setsockopt as
mentioned by @Thomas.
More information about the pve-devel
mailing list