Re: nfq_bind_pf() simultaneously in 2 separate programs?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

Le lundi 10 janvier 2011 à 15:36 -0800, Ajay Lele a écrit :
> On Mon, Jan 10, 2011 at 2:24 PM, Eric Leblond <eric@xxxxxxxxx> wrote:
> > Hello,
> >
> > Le lundi 10 janvier 2011 à 12:31 -0800, Ajay Lele a écrit :
> >> Hi All
> >>
> >> I am using netfilter_queue library (version 1.0.0, nfnetlink version
> >> 1.0.0) to queue certain packets to user-space and it works great
> >>
> >> Now I want to run 2 instances on this program simultaneously with each
> >> program receiving and processing packets received on a different
> >> queue. The 1st instance of program runs fine, but call to
> >> nfq_unbind_pf()/nfq_bind_pf() for AF_INET fail in the 2nd instance
> >>
> >> Is it not possible to use netfilter_queue APIs simultaneously in 2
> >> programs when each one of them is listening to a separate queue? Any
> >> other approach which can be used to get this to work? - I don't want
> >> to merge the processing of packets on the 2 queues into a single
> >> program
> >
> > nfq_bind_pf() call is linking the kernel nf_queue capability with the
> > nfnetlink_queue module for a given protocol. This has only to be done
> > once on a system (as nfnetlink_queue is the only userspace queuing
> > module for now).
> >
> > Thus your program can simply ignore the return on nfq_[un]bind_pf()
> > function.
> 
> Thanks Eric for your quick reply
> 
> I tried ignoring the return from nfq_[un]bind_pf() but
> nfq_create_queue() fails with return value NULL. Target machine is
> running CentOS 5.3

NFQ initialisation in NuFW is working fine since some years now. You can
find it here:
https://nufw.edenwall.com/projects/nufw/repository/revisions/master/entry/src/nufw/packetsrv.c#L219

BR,

> 
> Regards
> Ajay
> 
> >
> > BR,
> >
> >>
> >> Thanks in advance
> >>
> >> Regards
> >> Ajay
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> >> the body of a message to majordomo@xxxxxxxxxxxxxxx
> >> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> >
> > --
> > Eric Leblond <eric@xxxxxxxxx>
> >
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

-- 
Eric Leblond <eric@xxxxxxxxx>

Attachment: signature.asc
Description: This is a digitally signed message part

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux