Logging levels and implications
The kernel/user communication logging level is described in the
fourth chapter, to which we refer the reader.
Here we would like to underline that communication between the kernel and user
worlds is achieved via netlink sockets. The operating system sends information to
the interface every time the firewall receives a packet, in an atomic context, without
queueing it or waiting for the userspace side to receive it. In such a scenario it is possible,
if network load is high and/or if CPU load is heavy, that some packets sent via the netlink
interface are lost. In this case, the user firewall prints a warning on the screen and the kernel
keeps track of this event in its statistics counters. Smart logging, enabled when
loguser is set to 1, reduces this problem without withholding
useful information from the user interface. In this mode, only packets which have not already
been sent are logged to userspace, reducing communication load. For this reason,
setting loguser to 1 is recommended to avoid needless CPU overhead.
Lowering or raising loguser also changes, accordingly, the information logged
to file.
We underline that no information is lost when loguser is set to 1, and that no packets
are lost in the kernel firewall filter when the interface reports a kernel/user packet
loss.
Remember also that the significant and correct statistics are those read from the firewall
counters (obtained by pressing F7), not those seen from the interface's point of view (obtained by pressing
L), although the two reports should converge.
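
The effect described above can be reproduced with a small model. This is an added example, not code from the firewall itself: a fixed-size buffer stands in for the netlink socket, and "already sent" is assumed to mean a packet with the same addresses and ports as one already delivered. The buffer sizes, addresses and traffic pattern are constructed.

```c
#include <stdio.h>

#define BUF_SLOTS  8   /* constructed: capacity of the userspace receive buffer */
#define SEEN_SLOTS 64  /* constructed: size of the "already sent" table */

struct pkt   { unsigned saddr, daddr; unsigned short sport, dport; };
struct stats { unsigned filtered, sent, lost, suppressed; };

static int same(const struct pkt *a, const struct pkt *b) {
    return a->saddr == b->saddr && a->daddr == b->daddr &&
           a->sport == b->sport && a->dport == b->dport;
}

/* The reader frees `drain` slots every `period` packets; the sender never waits. */
struct stats simulate(const struct pkt *in, unsigned n, int smart,
                      unsigned drain, unsigned period) {
    struct stats st = {0, 0, 0, 0};
    struct pkt seen[SEEN_SLOTS];
    unsigned nseen = 0, queued = 0, i, j;
    for (i = 0; i < n; i++) {
        st.filtered++;                       /* the filter verdict is always taken */
        if (i % period == 0) queued = queued > drain ? queued - drain : 0;
        if (smart) {                         /* models loguser = 1 */
            for (j = 0; j < nseen && !same(&seen[j], &in[i]); j++) ;
            if (j < nseen) { st.suppressed++; continue; }
        }
        if (queued == BUF_SLOTS) { st.lost++; continue; }  /* full: dropped, no retry */
        queued++; st.sent++;
        /* remember only what was delivered, so a lost entry is sent again later */
        if (smart && nseen < SEEN_SLOTS) seen[nseen++] = in[i];
    }
    return st;
}

/* Constructed traffic: 4 flows, 50 packets each, interleaved. */
struct stats demo(int smart) {
    struct pkt in[200];
    unsigned i;
    for (i = 0; i < 200; i++) {
        in[i].saddr = 0x0a000001u + i % 4; in[i].daddr = 0x0a0000feu;
        in[i].sport = (unsigned short)(40000 + i % 4); in[i].dport = 80;
    }
    return simulate(in, 200, smart, 1, 4);
}

int main(void) {
    struct stats a = demo(0), b = demo(1);
    printf("plain: filtered=%u sent=%u lost=%u\n", a.filtered, a.sent, a.lost);
    printf("smart: filtered=%u sent=%u lost=%u suppressed=%u\n",
           b.filtered, b.sent, b.lost, b.suppressed);
    return 0;
}
```

In both runs the filtered count is the same; only the number of log messages offered to the slow reader changes, which is why the interface-side loss disappears in the smart run.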