Is it possible to bind multiple address families in netfilter queue? I see IPv4 show up in my queue, but not ARP. With error code removed, here is how I'm calling nfq_bind: netfilterqueue_handle = nfq_open(); netfilterqueue_queue = nfq_create_queue( netfilterqueue_handle, 0, &q_callback, this ); nfq_bind_pf( netfilterqueue_handle, AF_INET ); nfq_bind_pf( netfilterqueue_handle, NF_ARP ); I'm thinking the more likely possibility is the iptable rules I'm using to send traffic to the queue are too restrictive. Here are the rules I have: # Generated by iptables-save v1.4.21 on Sat Feb 14 10:40:46 2015 *nat :PREROUTING ACCEPT [161:14105] :INPUT ACCEPT [56:4995] :OUTPUT ACCEPT [56:4496] :POSTROUTING ACCEPT [56:4496] -A POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE COMMIT # Completed on Sat Feb 14 10:40:46 2015 # Generated by iptables-save v1.4.21 on Sat Feb 14 10:40:46 2015 *filter :INPUT ACCEPT [1017:217421] :FORWARD DROP [53:2307] :OUTPUT ACCEPT [934:211104] :MYRA - [0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j MYRA -A FORWARD -s 10.0.1.0/24 -o eth0 -m conntrack --ctstate NEW -j MYRA -A MYRA -j NFQUEUE --queue-num 0 --queue-bypass COMMIT # Completed on Sat Feb 14 10:40:46 2015 Do I have to add another FORWARD line to get ARP to jump to MYRA? What would it look like? Thanks in advance. Stéphane Charette -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
