FYI - I got a solution: You have to point a port to the QUEUE using iptables: iptables -I INPUT -p tcp --dport 5001 -j QUEUE This sets the port used by iperf to be monitored. nfqnl_test program works on Fedora 19 with a 3.10.7 kernel It fails with a 2.6.32 : [root@RH63-x86 utils]# ./nfqnl_test opening library handle unbinding existing nf_queue handler for AF_INET (if any) error during nfq_unbind_pf() Is this feature not available on 2.6.32 ? ________________________________________ From: netfilter-owner@xxxxxxxxxxxxxxx [netfilter-owner@xxxxxxxxxxxxxxx] on behalf of John Donnelly [john_donnelly@xxxxxxxxxxxxxxxxx] Sent: Monday, August 19, 2013 5:39 PM To: netfilter@xxxxxxxxxxxxxxx Subject: libnetfilter_queue: ./nfqnl_test usage ? no activity shown Hi, Hi, I am trying to get libnetfilter_queue usermode example working on 3.10.3 kernel , and I don't see any activity reported: info: [root@rh62-x86 utils]# cat /usr/share/pkgconfig/lib* | egrep "Ver|Name" Name: libmnl Version: 1.0.3 Name: libnetfilter_queue Version: 1.0.2 Name: libnfnetlink Version: 1.0.1 Name: libnftables Version: 1.0.0 [root@rh62-x86 utils]# pwd /root/ntest/libnetfilter_queue/utils insmod /lib/modules/`uname -r`/kernel/net/netfilter/nfnetlink_queue.ko [root@rh62-x86 utils]# lsmod Module Size Used by nfnetlink_queue 7851 0 installed Running nfqnl_test yields no captures: [root@rh62-x86 utils]# ./nfqnl_test opening library handle unbinding existing nf_queue handler for AF_INET (if any) binding nfnetlink_queue as nf_queue handler for AF_INET binding this socket to queue '0' setting copy_packet mode < nothing > Should I see activity if I ssh to the machine ? Suggestions welcome . DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
