QUEUE problem on RH-E-WS-4

"Michael D. Berger" <m.d.berger@xxxxxxxx> · Sat, 7 May 2005 14:43:53 -0400

Using RH-E-WS-4 that has kernel kernel-2.6.9-5.EL,
all freshly installed, I downloaded and installed
iptables-1.3.1 using the install script shown below.

I wrote the simple test program below, following
man libipq.

When I run it, and then send pings from another
box, the program prints "started", and nothing
else, indicating that the ipq_read never returns.
The pings get no response.  I note that if I
change QUEUE to ACCEPT in the iptables -A, the
pings respond appropriately.

Advice would be much appreciated.

Mike.

--
Michael D. Berger
m.d.berger@xxxxxxxx 
--

*** install script ***

make KERNEL_DIR=/usr/src BINDIR=/usr/bin LIBDIR=/usr/lib
MANDIR=/usr/share/man
make install KERNEL_DIR=/usr/src BINDIR=/usr/bin LIBDIR=/usr/lib
MANDIR=/usr/share/man install
make install KERNEL_DIR=/usr/src BINDIR=/usr/bin LIBDIR=/usr/lib
MANDIR=/usr/share/man install-devel

*** start sequence ***

modprobe iptable_filter
modprobe ip_queue
iptables -A OUTPUT -p icmp -j QUEUE
netqueue # the name of my program

*** iptables-save output ***

# Generated by iptables-save v1.2.11 on Sat May  7 14:03:44 2005
*filter
:INPUT ACCEPT [30:6804]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [46:5164]
-A OUTPUT -p icmp -j QUEUE 
COMMIT
# Completed on Sat May  7 14:03:44 2005

*** code ***

// netqueue.c 05/07/05

#include <linux/netfilter.h>
#include <libipq.h>
#include <stdio.h>

#define BUFSIZE 2048

static void die (struct ipq_handle *hand)
{
   ipq_perror("passer");
   ipq_destroy_handle(hand);
   exit(1);
}

int main(int argc, char* argv[])
{
   int                     status;
   unsigned char           buf[BUFSIZE];
   struct ipq_handle*   	ipqHand;

	ipqHand = ipq_create_handle(0,PF_INET);

	if (ipqHand == 0)
		die(ipqHand);

	int cnt = 0;
	while (cnt++ < 3)
	{
		fprintf(stderr,"started\n");
		status = ipq_read(ipqHand,buf,BUFSIZE,0);
		fprintf(stderr,"read\n");

		if (status < 0)
			die(ipqHand);

		switch(ipq_message_type(buf))
		{
			case NLMSG_ERROR:
				fprintf(stderr,"Error msg:
%s\n",ipq_get_msgerr(buf));
			break;

			default:
         {
            ipq_packet_msg_t*    msg = ipq_get_packet(buf);
				fprintf (stderr,"Type =
%d\n",ipq_message_type(buf));
            status = ipq_set_verdict(ipqHand,msg->packet_id,
                        NF_ACCEPT,0,NULL);
            if (status < 0)
               die(ipqHand);
         }
		};
	}

	ipq_destroy_handle(ipqHand);
   return 0;
}