Hi,

Where is the callback function? (You use it when you call "create_queue".) When you call handle_packet() it executes the callback you supply in "create_queue".
And messages are removed from the queue only after you issue a verdict for them. Until you do, they will eat up your queue space :)

In order to fix the problem, create a callback ("cb" is the name you issued in the create_queue function) and issue a verdict for the messages you receive in that callback.

Kind Regards
Yechiel Levi

On Thu, Jul 15, 2010 at 11:08 AM, MAI JIN <Jin.Mai@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> Hi,
>
> I'm a new user to libnetfilter_queue. I ran the test example of
> libnetfilter_queue-1.0.0 on a Debian x86 (Linux debian 2.6.26-1-686)
> host but I found that the packets queued in NFQUEUE were not dequeued
> after recv() was invoked. I ran the iptables command on the Debian host:
> iptables -A INPUT -p udp --dport 8192:32000 -j NFQUEUE --queue-num 0
>
> Then I sent UDP packets from another machine with destination port in
> the range. By default, the libnetfilter_queue received 1000 packets on
> Debian host and stopped (blocked in recv()). Then I set the queue length
> to 12000 nfq_set_queue_maxlen(qh, 1200). This time, the
> libnetfilter_queue received 1200 packets and stopped (blocked in
> recv()).
>
> Looks like the packets were not dequeued from NFQUEUE? How can I fix
> this problem?
>
> int main(int argc, char **argv)
> {
>     struct nfq_handle *h;
>     struct nfq_q_handle *qh;
>     struct nfnl_handle *nh;
>     int fd;
>     int rv;
>     char buf[4096] __attribute__ ((aligned));
>
>     printf("opening library handle\n");
>     h = nfq_open();
>     if (!h) {
>         fprintf(stderr, "error during nfq_open()\n");
>         exit(1);
>     }
>
>     printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
>     if (nfq_unbind_pf(h, AF_INET) < 0) {
>         fprintf(stderr, "error during nfq_unbind_pf()\n");
>         exit(1);
>     }
>
>     printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
>     if (nfq_bind_pf(h, AF_INET) < 0) {
>         fprintf(stderr, "error during nfq_bind_pf()\n");
>         exit(1);
>     }
>
>     printf("binding this socket to queue '0'\n");
>     qh = nfq_create_queue(h, 0, &cb, NULL);
>     if (!qh) {
>         fprintf(stderr, "error during nfq_create_queue()\n");
>         exit(1);
>     }
>
>     printf("setting copy_packet mode\n");
>     if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
>         fprintf(stderr, "can't set packet_copy mode\n");
>         exit(1);
>     }
>
>     if (nfq_set_queue_maxlen(qh, 1200) < 0) {
>         fprintf(stderr, "can't set queue_maxlen\n");
>         exit(1);
>     }
>
>     fd = nfq_fd(h);
>
>     while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
>         nfq_handle_packet(h, buf, rv);
>     }
>
>     printf("unbinding from queue 0\n");
>     nfq_destroy_queue(qh);
>
> #ifdef INSANE
>     /* normally, applications SHOULD NOT issue this command, since
>      * it detaches other programs/sockets from AF_INET, too ! */
>     printf("unbinding from AF_INET\n");
>     nfq_unbind_pf(h, AF_INET);
> #endif
>
>     printf("closing library handle\n");
>     nfq_close(h);
>
>     exit(0);
> }
>
>
> Best regards
> ===========================
> Mai Jin
> Alcatel Shanghai Bell (Nanjing) Co. Ltd.
> Alcatel-Net: 2735-5011
> Tel: (+86)-25-8473 1240-5011
> Addr: 11F, Yangtse River Tech Park.
> Building No.40 of Nanchang Road,
> Gulou District, Nanjing, China
> Zip: 210037
> jin.mai@xxxxxxxxxxxxxxxxxxxx
> ASB/MoAD/RDR/BSR APL
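
The stall described in this thread can be reproduced with a small stand-alone model. This is an added example, not code from the thread or from libnetfilter_queue: all `model_*` and `cb_*` names are hypothetical, and the model assumes a full queue drops new packets. In a real callback the release step is `nfq_set_verdict()` called with the packet id obtained from `nfq_get_msg_packet_hdr()`.

```c
/* Constructed model, not libnetfilter_queue code: the kernel holds every
 * queued packet until userspace returns a verdict for its packet id. */
#include <stdint.h>
#include <stdio.h>

struct model_queue {
    uint32_t maxlen;    /* value given to nfq_set_queue_maxlen() */
    uint32_t pending;   /* packets held, still waiting for a verdict */
    uint32_t delivered; /* packets handed to the userspace callback */
    uint32_t dropped;   /* packets dropped because the queue was full */
};
typedef void (*model_cb)(struct model_queue *q, uint32_t id);

/* Stands in for nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL). */
static void model_accept(struct model_queue *q, uint32_t id)
{
    (void)id;           /* the model counts packets, it does not store them */
    if (q->pending > 0)
        q->pending--;
}

/* A callback that issues no verdict: packets are read, none is released. */
static void cb_no_verdict(struct model_queue *q, uint32_t id) { (void)q; (void)id; }

/* What the reply recommends: a verdict for every packet received. */
static void cb_accept(struct model_queue *q, uint32_t id) { model_accept(q, id); }

/* Offer `count` packets to the queue; return the final counters. */
static struct model_queue run_model(uint32_t maxlen, uint32_t count, model_cb cb)
{
    struct model_queue q = { maxlen, 0, 0, 0 };
    for (uint32_t id = 1; id <= count; id++) {
        if (q.pending >= q.maxlen) { /* full: the packet never reaches us */
            q.dropped++;
            continue;
        }
        q.pending++;
        q.delivered++;
        cb(&q, id);     /* recv() followed by nfq_handle_packet() */
    }
    return q;
}

int main(void)
{
    struct model_queue a = run_model(1200, 5000, cb_no_verdict);
    struct model_queue b = run_model(1200, 5000, cb_accept);
    printf("no verdict: delivered=%u dropped=%u\n", (unsigned)a.delivered, (unsigned)a.dropped);
    printf("verdict:    delivered=%u dropped=%u\n", (unsigned)b.delivered, (unsigned)b.dropped);
    return 0;
}
```

With no verdict the model delivers exactly `maxlen` packets and then nothing more, which matches the 1200-packet stall reported in the quoted message.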