HELP ME PLEASE. libnetfilter_queue issue

 Hi, 

I'm a new user of libnetfilter_queue. I ran the test example of
libnetfilter_queue-1.0.0 on a Debian x86 (Linux debian 2.6.26-1-686)
host, but I found that the packets queued in NFQUEUE were not dequeued
after recv() was invoked. I ran this iptables command on the Debian host:

iptables -A INPUT -p udp --dport 8192:32000 -j NFQUEUE --queue-num 0

Then I sent UDP packets from another machine with a destination port in
the range. By default, libnetfilter_queue received 1000 packets on the
Debian host and stopped (blocked in recv()). Then I set the queue length
to 12000 with nfq_set_queue_maxlen(qh, 1200). This time,
libnetfilter_queue received 1200 packets and stopped (blocked in
recv()).

It looks like the packets were not dequeued from NFQUEUE? How can I fix
this problem?

#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>                 /* recv() */
#include <netinet/in.h>                 /* AF_INET */
#include <linux/netfilter.h>            /* verdict constants */
#include <libnetfilter_queue/libnetfilter_queue.h>

/* cb() is the packet callback from the test example; it is not shown
 * in this message. */

int main(int argc, char **argv)
{
        struct nfq_handle *h;
        struct nfq_q_handle *qh;
        struct nfnl_handle *nh;
        int fd;
        int rv;
        char buf[4096] __attribute__ ((aligned));

        /* open the netlink connection to the kernel */
        printf("opening library handle\n");
        h = nfq_open();
        if (!h) {
                fprintf(stderr, "error during nfq_open()\n");
                exit(1);
        }

        printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
        if (nfq_unbind_pf(h, AF_INET) < 0) {
                fprintf(stderr, "error during nfq_unbind_pf()\n");
                exit(1);
        }

        printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
        if (nfq_bind_pf(h, AF_INET) < 0) {
                fprintf(stderr, "error during nfq_bind_pf()\n");
                exit(1);
        }

        /* queue number 0 matches --queue-num 0 in the iptables rule */
        printf("binding this socket to queue '0'\n");
        qh = nfq_create_queue(h,  0, &cb, NULL);
        if (!qh) {
                fprintf(stderr, "error during nfq_create_queue()\n");
                exit(1);
        }

        /* copy up to 0xffff bytes of each packet to userspace */
        printf("setting copy_packet mode\n");
        if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
                fprintf(stderr, "can't set packet_copy mode\n");
                exit(1);
        }

        /* maximum number of packets the kernel holds in this queue */
        if (nfq_set_queue_maxlen(qh, 1200) < 0) {
                fprintf(stderr, "can't set queue_maxlen\n");
                exit(1);
        }

        fd = nfq_fd(h);

        /* read netlink messages and hand each one to the library,
         * which invokes cb() for every queued packet */
        while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
                nfq_handle_packet(h, buf, rv);
        }

        printf("unbinding from queue 0\n");
        nfq_destroy_queue(qh);

#ifdef INSANE
        /* normally, applications SHOULD NOT issue this command, since
         * it detaches other programs/sockets from AF_INET, too ! */
        printf("unbinding from AF_INET\n");
        nfq_unbind_pf(h, AF_INET);
#endif

        printf("closing library handle\n");
        nfq_close(h);

        exit(0);
}


Best regards 
=========================== 
Mai Jin 
Alcatel Shanghai Bell (Nanjing) Co. Ltd. 
Alcatel-Net: 2735-5011 
Tel: (+86)-25-8473 1240-5011 
Addr: 11F, Yangtse River Tech Park. 
           Building No.40 of Nanchang Road, 
           Gulou District, Nanjing, China 
Zip: 210037 
jin.mai@xxxxxxxxxxxxxxxxxxxx 
ASB/MoAD/RDR/BSR APL 
  
