Hi,
I just tried to compile the Snort inline version on Ubuntu and I think that the
compatibility layer over the new libnetfilter_queue is not working. Maybe I'm
doing something wrong, but I also tried to make a simple sample app and it's
not working either :-( I used libnetfilter_queue-0.0.17 and libnfnetlink-1.0.0
on a clean Ubuntu 8.04 LTS x86 with kernel 2.6.24-23-generic.
Here are my notes:
1. libipq_compat.c, line 172 (ipq_read)
Some function named ipq_netlink_recvfrom is commented out? How can a
packet be received? The next piece of code just parses some data, checks the family and
parses attributes. In all cases it returns 0, which means that a timeout or
signal occurred. OK, I can probably call nfq_fd and recv(), but I think that
it has to be implemented directly in the compat code.
2. libipq_compat.c, line 172 (ipq_create_handle)
- nfq_open -> nfq_bind_pf -> nfq_create_queue
This is OK, but when destroying the ipq handle with ipq_destroy_handle only
nfq_close is called (not nfq_unbind_pf and nfq_destroy_queue). You can't
start the same app again -> error while binding.
3. nfqnl_test.c, line 92
I think it is not a good idea to exit after an unsuccessful call to
nfq_unbind_pf(), because no binding is available while you are running the app
for the first time.
Thanks for your response,
Ondra
BTW nfqnl_test which uses new API works fine...