Andy Cristina wrote:
I've been attempting to play with netfilter_queue to see how effectively a certain similarity hashing technique would work for identifying parts of documents being sent out over the network, but I haven't had much progress even getting the test program to work.
Just a few questions:
- Why do you want to do such things?
- How would you overcome compressed files and MIME encodings?
- Are you attempting to stop some information theft?
I can compile and link nfq_test.c fine, using both the old versions of libnfnetlink and libnetfilter_queue available from Ubuntu's apt, and by using the newest released versions compiled from source. However, in any case when I run the compiled nfq_test, the program seems to do nothing after setting the packet copy mode. So it seems to me as if it is perpetually waiting for a packet to be sent over the netlink, but one never arrives, no matter how much network traffic I have. Am I missing some vital piece of setup? When I run nfq_test, there are two netfilter modules loaded. Should there be more? Do they need to be configured somehow? Is this the expected behavior? I have tested this both on my Ubuntu install and on a friend's Debian; both machines exhibit the same behavior. Any help is certainly appreciated.
Swifty