IPFIREwall

Giacomo's homepage.

Logging levels and implications

The kernel/user communication logging level is described in chapter four, to which we refer the reader. Here we would like to underline that communication between kernel space and user space takes place over netlink sockets. The kernel sends information to the interface every time the firewall receives a packet, in atomic context, without queueing it or waiting for the userspace side to receive it. In this scenario it is possible, if network load is high and/or CPU load is heavy, that some packets sent over the netlink interface are lost. When this happens, the user firewall prints a warning on the screen and the kernel keeps track of the event in its statistics counters.
Smart logging, enabled when loguser is set to 1, reduces this problem without taking useful information away from the user interface. In this mode, only packets which have not already been sent are logged to userspace, which reduces the communication load. For this reason, setting loguser to 1 is recommended to avoid needless load on the CPU. Decreasing or increasing loguser also changes, correspondingly, the information logged to file.
We underline that no information is lost when loguser is set to 1, and that no packets are lost in the kernel firewall filter when the interface reports a kernel/user packet loss.
Remember also that the significant and correct statistics are those read from the firewall counters (obtained by pressing F7), not those seen from the interface's point of view (obtained by pressing L), although the two reports should converge.
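
The effect of smart logging on the number of messages sent to userspace, as an added example rather than IPFIRE's own code. The structures and function names are hypothetical; it assumes that "already sent" means a packet with the same addresses, ports, protocol and verdict was reported earlier, and that with smart logging off every packet is reported.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical flow key; not IPFIRE's real structure. */
struct flow { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t proto, verdict; };
#define SEEN_SLOTS 64
struct logger {
    int smart;                    /* 1 models loguser = 1 (smart logging) */
    struct flow seen[SEEN_SLOTS]; /* flows already reported to userspace */
    unsigned nseen;
    unsigned long filtered;       /* firewall counter: every packet filtered */
    unsigned long sent;           /* messages pushed towards the interface */
};

static int flow_eq(const struct flow *a, const struct flow *b)
{
    return a->saddr == b->saddr && a->daddr == b->daddr && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto && a->verdict == b->verdict;
}

/* Returns 1 if a message goes to userspace, 0 if it is suppressed. */
static int log_packet(struct logger *lg, const struct flow *f)
{
    unsigned i, n = lg->nseen < SEEN_SLOTS ? lg->nseen : SEEN_SLOTS;
    lg->filtered++;               /* counted whether or not it is logged */
    if (lg->smart) {
        for (i = 0; i < n; i++)
            if (flow_eq(&lg->seen[i], f))
                return 0;         /* this information was already sent */
        lg->seen[lg->nseen++ % SEEN_SLOTS] = *f; /* oldest entry is overwritten */
    }
    lg->sent++;
    return 1;
}

/* Constructed traffic: 1000 packets spread over 3 flows (192.0.2.0/24). */
static void run_sample(struct logger *lg, int smart)
{
    const struct flow flows[3] = {
        { 0xC0000201, 0xC000020A, 40000, 22,  6, 1 },
        { 0xC0000202, 0xC000020A, 40001, 80,  6, 0 },
        { 0xC0000203, 0xC000020A, 5353,  53, 17, 1 },
    };
    memset(lg, 0, sizeof *lg);
    lg->smart = smart;
    for (int i = 0; i < 1000; i++) log_packet(lg, &flows[i % 3]);
}

int main(void) { struct logger lg; run_sample(&lg, 1); return lg.sent == 3 ? 0 : 1; }
```

In both modes the `filtered` counter reaches 1000, which is why the firewall counters, not the interface's view, are the reference statistics.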
