My apology for first sending this privately, rather than to the
list.
I have copied below some information that I have send to several
lists and newsgroups regarding my attempt to get libipq to work.
As yet, I have gotten no replies to this regarding libipq, and it
is still not working. Maybe there may be something in it that is
useful you. If you get it working, I certainly would like to hear
about it, and I will do likewise.
Mike.
--
Michael D. Berger
m.d.berger@xxxxxxxx
--
Using RH-E-WS-4 that has kernel-2.6.9-5.EL, all freshly installed,
I downloaded and installed iptables-1.3.1 using the install script
shown below.
I wrote the simple test program shown below, following
man libipq.
When I run it, and then send pings from another
box, the program prints "started", and nothing
else, indicating that the ipq_read never returns.
The pings get no response. I note that if I
change QUEUE to ACCEPT in the iptables -A, the
pings respond appropriately.
Advice would be much appreciated.
Mike.
--
Michael D. Berger
m.d.berger@xxxxxxxx
--
*** install script ***
make KERNEL_DIR=/usr/src BINDIR=/usr/bin LIBDIR=/usr/lib \
MANDIR=/usr/share/man
make install KERNEL_DIR=/usr/src BINDIR=/usr/bin \
LIBDIR=/usr/lib MANDIR=/usr/share/man install
make install KERNEL_DIR=/usr/src BINDIR=/usr/bin LIBDIR=/usr/lib \
MANDIR=/usr/share/man install-devel
*** start sequence ***
modprobe iptable_filter
modprobe ip_queue
iptables -A OUTPUT -p icmp -j QUEUE
netqueue # the name of my program
*** iptables-save output ***
# Generated by iptables-save v1.2.11 on Sat May 7 14:03:44 2005 *filter
:INPUT ACCEPT [30:6804] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [46:5164]
-A OUTPUT -p icmp -j QUEUE
COMMIT
# Completed on Sat May 7 14:03:44 2005
*** code ***
// netqueue.c 05/10/05
#include <linux/netfilter.h>
#include <libipq.h>
#include <stdio.h>
#define BUFSIZE 2048
static void die (struct ipq_handle *hand)
{
ipq_perror("passer");
ipq_destroy_handle(hand);
exit(1);
}
int main(int argc, char* argv[])
{
int status;
unsigned char buf[BUFSIZE];
struct ipq_handle* ipqHand;
ipqHand = ipq_create_handle(0,PF_INET);
if (ipqHand == 0)
die(ipqHand);
int cnt = 0;
while (cnt++ < 3)
{
fprintf(stderr,"started\n");
status = ipq_read(ipqHand,buf,BUFSIZE,0);
fprintf(stderr,"read\n");
if (status < 0)
die(ipqHand);
switch(ipq_message_type(buf))
{
case NLMSG_ERROR:
fprintf(stderr,"Error msg: %s\n",ipq_get_msgerr(buf));
break;
default:
{
ipq_packet_msg_t* msg = ipq_get_packet(buf);
fprintf (stderr,"Type = %d\n",ipq_message_type(buf));
status = ipq_set_verdict(ipqHand,msg->packet_id,
NF_ACCEPT,0,NULL);
if (status < 0)
die(ipqHand);
}
};
}
ipq_destroy_handle(ipqHand);
return 0;
}
> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of hero lp
> Sent: Thursday, May 19, 2005 8:10 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: how to execute my libipq test program?
>
>
> hello, everybody. Wish you a good day!
> I have compiled my test program with libipq. But when I try to execute
> it with netqueue command, I get some troubles. ----There exists no
> such command. Why? Then how to execute my program?
> Another question: I think it's something like writer and reader
> problem since kernel tries to put packets into user space and my
> program tries to read them. Is it necessary for user application to do
> some work for synchronization? If not, why?
>
> Thanks for your suggestions!
>
>
--
Michael D. Berger
m.d.berger@xxxxxxxx
