[Oisf-devel] [PATCH] nfq: modify queue length computation logic

Victor Julien victor at inliniac.net
Wed Jan 13 14:31:33 UTC 2010


Awesome, thanks Eric. Running NFQ on my firewall so I'll be testing
this. Patch applied.

Cheers,
Victor

Eric Leblond wrote:
> This patch modifies the max queue length computation logic. The max queue
> length was set to MAX_PENDING, which is the total number of packets
> processed simultaneously in suricata.
> 
> This value is correct, but this will not permit taking all burst
> effects into account (read: a sudden quantity of packets that arrives
> faster than suricata is able to parse). Furthermore there is a
> delaying system when suricata gets overloaded which makes it necessary
> to have packets storable in the kernel for some time.
> 
> To improve this situation the patch increases the maximum queue
> length to NFQ_BURST_FACTOR (4) times the MAX_PENDING packets and
> it also increases the nfnetlink buffer size to be able to store
> all packets waiting for suricata in the netlink receive buffer.
> ---
>  src/source-nfq.c |    9 ++++++++-
>  1 files changed, 8 insertions(+), 1 deletions(-)
> 
> diff --git a/src/source-nfq.c b/src/source-nfq.c
> index 8e825fd..fddfbe3 100644
> --- a/src/source-nfq.c
> +++ b/src/source-nfq.c
> @@ -65,6 +65,10 @@ TmEcode NoNFQSupportExit(ThreadVars *tv, void *initdata, void **data)
>  
>  #else /* implied we do have NFQ support */
>  
> +#define NFQ_BURST_FACTOR 4
> +#define NFQ_DFT_QUEUE_LEN NFQ_BURST_FACTOR * MAX_PENDING
> +#define NFQ_NF_BUFSIZE 1500 * NFQ_DFT_QUEUE_LEN
> +
>  /* shared vars for all for nfq queues and threads */
>  static NFQGlobalVars nfq_g;
>  
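Review bot: the two derived macros in this hunk are unparenthesized, so `NFQ_DFT_QUEUE_LEN` expands to the bare expression `4 * MAX_PENDING` and `NFQ_NF_BUFSIZE` to `1500 * 4 * MAX_PENDING`; any later use such as `x / NFQ_DFT_QUEUE_LEN` or `NFQ_DFT_QUEUE_LEN + 1` would mis-associate. Suggest `#define NFQ_DFT_QUEUE_LEN (NFQ_BURST_FACTOR * MAX_PENDING)` and `#define NFQ_NF_BUFSIZE (1500 * NFQ_DFT_QUEUE_LEN)`. The literal 1500 also deserves a comment saying it is a per-packet size estimate, since packets larger than an Ethernet MTU (plus the netlink framing around each one) will make the buffer hold fewer than NFQ_DFT_QUEUE_LEN packets, which undercuts the burst headroom the commit message describes.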
> @@ -258,6 +262,9 @@ TmEcode NFQInitThread(NFQThreadVars *nfq_t, uint16_t queue_num, uint32_t queue_m
>      }
>  #endif /* HAVE_NFQ_MAXLEN */
>  
> +    /* set netlink buffer size to a decent value */
> +    nfnl_rcvbufsiz(nfq_nfnlh(nfq_t->h), NFQ_NF_BUFSIZE);
> +
>      nfq_t->nh = nfq_nfnlh(nfq_t->h);
>      nfq_t->fd = nfnl_fd(nfq_t->nh);
>  
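Review bot: the value returned by `nfnl_rcvbufsiz()` is discarded, so a request for `NFQ_NF_BUFSIZE` bytes that the kernel grants only partially (socket receive buffers are subject to the system's rmem limits, and a process without the privilege to force a larger buffer gets the clamped size) goes unnoticed and the queue is effectively smaller than the new `NFQ_DFT_QUEUE_LEN` assumes. Suggest keeping the returned size and emitting a warning log when it is below NFQ_NF_BUFSIZE, so an operator can raise the limit. Minor: `nfq_t->nh = nfq_nfnlh(nfq_t->h);` is assigned on the very next line, so the new call could be placed after it and reuse `nfq_t->nh` instead of calling `nfq_nfnlh()` twice.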
> @@ -289,7 +296,7 @@ TmEcode ReceiveNFQThreadInit(ThreadVars *tv, void *initdata, void **data) {
>       * as we will need it in our callback function */
>      ntv->tv = tv;
>  
> -    int r = NFQInitThread(ntv,receive_queue_num,MAX_PENDING);
> +    int r = NFQInitThread(ntv,receive_queue_num, NFQ_DFT_QUEUE_LEN);
>      if (r < 0) {
>          SCLogError(SC_NFQ_THREAD_INIT, "nfq thread failed to initialize");
>  
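Review bot: the larger queue length passed here only reaches the kernel on builds where `HAVE_NFQ_MAXLEN` is set (the `#endif /* HAVE_NFQ_MAXLEN */` visible in the previous hunk appears to guard the code that applies `queue_maxlen`); on other builds the kernel queue keeps its default while the netlink buffer is still sized for NFQ_DFT_QUEUE_LEN packets, which is worth stating in the commit message or in a log line so the mismatch is not mistaken for a bug. Style: the argument list `ntv,receive_queue_num, NFQ_DFT_QUEUE_LEN` mixes spacing after commas; use one style consistently.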


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------