diff options
| author |  netblue30 <netblue30@yahoo.com> | 2019-09-29 19:03:16 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2019-09-29 19:03:16 -0400 |
| commit | bef5d86a10ec8f75fe341abb6ad58948107ec56e (patch) | |
| tree | 9218e8adfd88dc3a7807e34759f6db2e864907dd /src/firemon | |
| parent | Update evince (diff) | |
| download | firejail-bef5d86a10ec8f75fe341abb6ad58948107ec56e.tar.gz firejail-bef5d86a10ec8f75fe341abb6ad58948107ec56e.tar.zst firejail-bef5d86a10ec8f75fe341abb6ad58948107ec56e.zip | |
increase socket buffer size for firemon, bug #2700
Diffstat (limited to 'src/firemon')
| -rw-r--r-- | src/firemon/firemon.c | 4 | ||||
| -rw-r--r-- | src/firemon/firemon.h | 3 | ||||
| -rw-r--r-- | src/firemon/procevent.c | 31 | ||||
| -rw-r--r-- | src/firemon/usage.c | 1 |
4 files changed, 32 insertions, 7 deletions
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c index b3c435d9e..dad3b0afb 100644 --- a/src/firemon/firemon.c +++ b/src/firemon/firemon.c | |||
| @@ -26,6 +26,7 @@ | |||
| 26 | #include <sys/stat.h> | 26 | #include <sys/stat.h> |
| 27 | 27 | ||
| 28 | pid_t skip_process = 0; | 28 | pid_t skip_process = 0; |
| 29 | int arg_debug = 0; | ||
| 29 | static int arg_route = 0; | 30 | static int arg_route = 0; |
| 30 | static int arg_arp = 0; | 31 | static int arg_arp = 0; |
| 31 | static int arg_tree = 0; | 32 | static int arg_tree = 0; |
| @@ -142,7 +143,8 @@ int main(int argc, char **argv) { | |||
| 142 | printf("firemon version %s\n\n", VERSION); | 143 | printf("firemon version %s\n\n", VERSION); |
| 143 | return 0; | 144 | return 0; |
| 144 | } | 145 | } |
| 145 | 146 | else if (strcmp(argv[i], "--debug") == 0) | |
| 147 | arg_debug = 1; | ||
| 146 | // options without a pid argument | 148 | // options without a pid argument |
| 147 | else if (strcmp(argv[i], "--top") == 0) | 149 | else if (strcmp(argv[i], "--top") == 0) |
| 148 | arg_top = 1; | 150 | arg_top = 1; |
diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h index 2e5647c2f..7f8bc698c 100644 --- a/src/firemon/firemon.h +++ b/src/firemon/firemon.h | |||
| @@ -29,6 +29,9 @@ | |||
| 29 | #include "../include/pid.h" | 29 | #include "../include/pid.h" |
| 30 | #include "../include/common.h" | 30 | #include "../include/common.h" |
| 31 | 31 | ||
| 32 | // main.c | ||
| 33 | extern int arg_debug; | ||
| 34 | |||
| 32 | // clear screen | 35 | // clear screen |
| 33 | static inline void firemon_clrscr(void) { | 36 | static inline void firemon_clrscr(void) { |
| 34 | printf("\033[2J\033[1;1H"); | 37 | printf("\033[2J\033[1;1H"); |
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c index b79f12362..762d22514 100644 --- a/src/firemon/procevent.c +++ b/src/firemon/procevent.c | |||
| @@ -173,6 +173,20 @@ static int procevent_netlink_setup(void) { | |||
| 173 | if (bind(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) | 173 | if (bind(sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) |
| 174 | goto errexit; | 174 | goto errexit; |
| 175 | 175 | ||
| 176 | // set a large socket rx buffer | ||
| 177 | // the regular default value as set in /proc/sys/net/core/rmem_default will fill the | ||
| 178 | // buffer much quicker than we can process it | ||
| 179 | int bsize = 1024 * 1024; // 1MB | ||
| 180 | socklen_t blen = sizeof(int); | ||
| 181 | if (setsockopt(sock, SOL_SOCKET, SO_RCVBUFFORCE, &bsize, blen) == -1) | ||
| 182 | fprintf(stderr, "Warning: cannot set rx buffer size, using default system value\n"); | ||
| 183 | else if (arg_debug) { | ||
| 184 | if (getsockopt(sock, SOL_SOCKET, SO_RCVBUF, &bsize, &blen) == -1) | ||
| 185 | fprintf(stderr, "Error: cannot read rx buffer size\n"); | ||
| 186 | else | ||
| 187 | printf("rx buffer size %d\n", bsize / 2); // the value returned is duble the real one, see man 7 socket | ||
| 188 | } | ||
| 189 | |||
| 176 | // send monitoring message | 190 | // send monitoring message |
| 177 | struct nlmsghdr nlmsghdr; | 191 | struct nlmsghdr nlmsghdr; |
| 178 | memset(&nlmsghdr, 0, sizeof(nlmsghdr)); | 192 | memset(&nlmsghdr, 0, sizeof(nlmsghdr)); |
| @@ -244,14 +258,19 @@ static int procevent_monitor(const int sock, pid_t mypid) { | |||
| 244 | } | 258 | } |
| 245 | 259 | ||
| 246 | 260 | ||
| 247 | if ((len = recv(sock, buf, sizeof(buf), 0)) == 0) { | 261 | if ((len = recv(sock, buf, sizeof(buf), 0)) == 0) |
| 248 | return 0; | 262 | return 0; |
| 249 | } | ||
| 250 | if (len == -1) { | 263 | if (len == -1) { |
| 251 | if (errno == EINTR) { | 264 | if (errno == EINTR) |
| 252 | return 0; | 265 | continue; |
| 253 | } else { | 266 | else if (errno == ENOBUFS) { |
| 254 | fprintf(stderr,"recv: %s\n", strerror(errno)); | 267 | // rx buffer is full, the kernel started dropping messages |
| 268 | printf("*** Waning *** - message burst received, not all events are printed\n"); | ||
| 269 | //return -1; | ||
| 270 | continue; | ||
| 271 | } | ||
| 272 | else { | ||
| 273 | fprintf(stderr,"Error: rx socket recv call, errno %d, %s\n", errno, strerror(errno)); | ||
| 255 | return -1; | 274 | return -1; |
| 256 | } | 275 | } |
| 257 | } | 276 | } |
diff --git a/src/firemon/usage.c b/src/firemon/usage.c index 3b9fe96c0..196fc32c3 100644 --- a/src/firemon/usage.c +++ b/src/firemon/usage.c | |||
| @@ -31,6 +31,7 @@ static char *help_str = | |||
| 31 | "\t--caps - print capabilities configuration for each sandbox.\n\n" | 31 | "\t--caps - print capabilities configuration for each sandbox.\n\n" |
| 32 | "\t--cgroup - print control group information for each sandbox.\n\n" | 32 | "\t--cgroup - print control group information for each sandbox.\n\n" |
| 33 | "\t--cpu - print CPU affinity for each sandbox.\n\n" | 33 | "\t--cpu - print CPU affinity for each sandbox.\n\n" |
| 34 | "\t--debug - print debug messages.\n\n" | ||
| 34 | "\t--help, -? - this help screen.\n\n" | 35 | "\t--help, -? - this help screen.\n\n" |
| 35 | "\t--interface - print network interface information for each sandbox.\n\n" | 36 | "\t--interface - print network interface information for each sandbox.\n\n" |
| 36 | "\t--list - list all sandboxes.\n\n" | 37 | "\t--list - list all sandboxes.\n\n" |