Re: 'HELP ME PLEASE. libnetfilter_queue issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
Where is the Callback function?
( You use it when you call "create_queue" ), w-hen you call
handle_packet() it executes the callback you supply in
"create_queue"..

And messages are removed from the queue only after you issue a verdict
for them. until you do they will eat up you're queue space :)

in order to fix the problem, create a callback ( "cb" is the name you
issued in the create_queue function ) and issue a verdict for the
messages you receive in that callback.

Kind Regards
Yechiel Levi

On Thu, Jul 15, 2010 at 11:08 AM, MAI JIN <Jin.Mai@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>  Hi,
>
> I'm a new user to libnetfilter_queue. I ran the test example of
> libnetfilter_queue-1.0.0 on a Debian x86 (Linux debian 2.6.26-1-686)
> host but I found that the pakcets queue in NFQUEUE were not dequeued
> after recv() was invoked. I ran the iptables command on the debain host:
> iptables -A INPUT -p udp --dport 8192:32000 -j NFQUEUE --queue-num 0
>
> Then I send UDP packets from another machine with destination port in
> the range. By default, the libnetfilter_queue received 1000 packets on
> Debian host and stopped (blocked in recv()). Then I set the queue length
> to 12000 nfq_set_queue_maxlen(qh, 1200) . This time, the
> libnetfilter_queue received 1200 packets and stopped (blocked in
> recv()).
>
> Looks like the pakcets were not dequeued from NFQUEUE? How can I fix
> this problem?
>
> int main(int argc, char **argv)
> {
>        struct nfq_handle *h;
>        struct nfq_q_handle *qh;
>        struct nfnl_handle *nh;
>        int fd;
>        int rv;
>        char buf[4096] __attribute__ ((aligned));
>
>        printf("opening library handle\n");
>        h = nfq_open();
>        if (!h) {
>                fprintf(stderr, "error during nfq_open()\n");
>                exit(1);
>        }
>
>        printf("unbinding existing nf_queue handler for AF_INET (if
> any)\n");
>        if (nfq_unbind_pf(h, AF_INET) < 0) {
>                fprintf(stderr, "error during nfq_unbind_pf()\n");
>                exit(1);
>        }
>
>        printf("binding nfnetlink_queue as nf_queue handler for
> AF_INET\n");
>        if (nfq_bind_pf(h, AF_INET) < 0) {
>                fprintf(stderr, "error during nfq_bind_pf()\n");
>                exit(1);
>        }
>
>        printf("binding this socket to queue '0'\n");
>        qh = nfq_create_queue(h,  0, &cb, NULL);
>        if (!qh) {
>                fprintf(stderr, "error during nfq_create_queue()\n");
>                exit(1);
>        }
>
>        printf("setting copy_packet mode\n");
>        if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
>                fprintf(stderr, "can't set packet_copy mode\n");
>                exit(1);
>        }
>
>        if (nfq_set_queue_maxlen(qh, 1200) < 0) {
>                fprintf(stderr, "can't set queue_maxlen\n");
>                exit(1);
>        }
>
>        fd = nfq_fd(h);
>
>        while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
>                nfq_handle_packet(h, buf, rv);
>        }
>
>        printf("unbinding from queue 0\n");
>        nfq_destroy_queue(qh);
>
> #ifdef INSANE
>        /* normally, applications SHOULD NOT issue this command, since
>         * it detaches other programs/sockets from AF_INET, too ! */
>        printf("unbinding from AF_INET\n");
>        nfq_unbind_pf(h, AF_INET);
> #endif
>
>        printf("closing library handle\n");
>        nfq_close(h);
>
>        exit(0);
> }
>
>
> Best regards
> ===========================
> Mai Jin
> Alcatel Shanghai Bell (Nanjing) Co. Ltd.
> Alcatel-Net: 2735-5011
> Tel: (+86)-25-8473 1240-5011
> Addr: 11F, Yangtse River Tech Park.
>           Building No.40 of Nanchang Road,
>           Gulou District, Nanjing, China
> Zip: 210037
> jin.mai@xxxxxxxxxxxxxxxxxxxx
> ASB/MoAD/RDR/BSR APL
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux