nflog: make sure the messages aren't buffered for default 1 second

Also: improve documentation.
cloudflare · Feb 19, 2015 · ff1cd5f · ff1cd5f
1 parent f4fdb6a
commit ff1cd5f
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -79,8 +79,15 @@ This will cause `pmtud` to listen to packets from NFLOG and use `eth0`
 to brodcast them if neccesary. Debug by listing this /proc file:
 
     cat /proc/net/netfilter/nfnetlink_log
+    33  32781     0 2 65535      0  1
 
-Where the format of this file is similar to `nfnetling_queue`
-described here:
+Where columns read:
+
+ * nflog group number of a given queue (16 bits)
+ * peer portid: most likely the pid of process
+ * number of messages buffered on the kernel side
+ * copy mode: 2 for full packet copy
+ * copy range: max packet size
+ * flush timeout in 1/100th of a second
+ * use count
 
-  * https://home.regit.org/netfilter-en/using-nfqueue-and-libnetfilter_queue/
diff --git a/src/nflog.c b/src/nflog.c
@@ -121,6 +121,12 @@ struct nflog *nflog_alloc(uint16_t group_no, unsigned queue_maxlen,
 		PFATAL("nflog_set_mode");
 	}
 
+	/* Disable netlink timeout, to reduce latency. The units of
+	 * value are 1/100th of second. */
+	if (nflog_set_timeout(n->qh, 0) < 0) {
+		PFATAL("nflog_set_timeout");
+	}
+
 	int fd = nflog_fd(n->h);
 
 	int opt = 1;