NF_QUEUE: nfq_bind_pf() fails - solution


  In the hope that this will make it into Google and help others, and
maybe someone will clarify the Kconfig....

  I've just spent a few hours trying to figure out why simple code
attempting to use Netfilter Queues has been failing to even do the nice
simple nfq_bind_pf(h, AF_INET).  I eventually spotted some /proc code
that led me to find /proc/net/netfilter/nf_queue which contained:

 0 NONE
 1 NONE
 2 ip_queue
 3 NONE
 4 NONE
 5 NONE
 6 NONE
 7 NONE
 8 NONE
 9 NONE
10 NONE
11 NONE
12 NONE

And indeed '2' is AF_INET.  So, what's this ip_queue ?  It's an
implementation of the *OLD* ip_queue interface using the new
nfnetlink_queue interface.  But this being in place totally blocks
anything else from binding to AF_INET.

So, it's this kernel option:

config IP_NF_QUEUE
        tristate "IP Userspace queueing via NETLINK (OBSOLETE)"
        depends on NETFILTER_ADVANCED
        help
          Netfilter has the ability to queue packets to user space: the
          netlink device can be used to access them using this driver.

          This option enables the old IPv4-only "ip_queue" implementation
          which has been obsoleted by the new "nfnetlink_queue" code (see
          CONFIG_NETFILTER_NETLINK_QUEUE).

          To compile it as a module, choose M here.  If unsure, say N.

I feel this could be a little more explicit that "if you have this
active then nothing else will be able to use nfnetlink_queue instead".

Yes, now I'm wishing I compiled this stuff as modules so I could just
remove the bugger.

-- 
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
                  Finger athan(at)fysh.org for PGP key
	   "And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME

Attachment: signature.asc
Description: Digital signature
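
A check that could be run before calling nfq_bind_pf(), added here as an example and not part of the original post: it parses text in the /proc/net/netfilter/nf_queue format shown above and reports whether ip_queue holds a protocol family. The function names are this example's own, and the embedded sample table is constructed from the output quoted in the post.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>   /* AF_INET */

/* Constructed sample: the table quoted in the post, one "<pf> <handler>" per line. */
static const char SAMPLE[] =
    " 0 NONE\n 1 NONE\n 2 ip_queue\n 3 NONE\n 4 NONE\n 5 NONE\n 6 NONE\n"
    " 7 NONE\n 8 NONE\n 9 NONE\n10 NONE\n11 NONE\n12 NONE\n";

/* Find the queue handler registered for protocol family pf in a table
 * formatted like /proc/net/netfilter/nf_queue.
 * Returns 0 and copies the handler name into name, or -1 if pf is not listed. */
int nf_queue_handler(const char *table, int pf, char *name, size_t len)
{
    const char *p = table;
    while (p && *p) {
        int n; char h[64];
        if (sscanf(p, "%d %63s", &n, h) == 2 && n == pf) {
            snprintf(name, len, "%s", h);
            return 0;
        }
        p = strchr(p, '\n');          /* advance to the next line */
        if (p) p++;
    }
    return -1;
}

/* 1 if the obsolete ip_queue handler owns pf (the situation in the post,
 * where nfq_bind_pf() for that family fails), otherwise 0. */
int held_by_ip_queue(const char *table, int pf)
{
    char h[64];
    return nf_queue_handler(table, pf, h, sizeof h) == 0 && strcmp(h, "ip_queue") == 0;
}

int main(void)
{
    char buf[4096] = {0}, h[64];
    const char *table = SAMPLE;       /* fall back to the sample if /proc is unreadable */
    FILE *f = fopen("/proc/net/netfilter/nf_queue", "r");
    if (f) {
        if (fread(buf, 1, sizeof buf - 1, f) > 0) table = buf;
        fclose(f);
    }
    if (nf_queue_handler(table, AF_INET, h, sizeof h) == 0)
        printf("PF %d handler: %s%s\n", AF_INET, h,
               held_by_ip_queue(table, AF_INET) ? " (ip_queue holds this family)" : "");
    return 0;
}
```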

