When the nfqnl_test utility (libnetfilter_queue project) drops a packet, the utility receives this packet again (in a loop)

Hello

I faced a very strange problem when trying to use the code from:

https://git.netfilter.org/libnetfilter_queue/tree/utils/nfqnl_test.c

The problem consists in the following:

If I apply NF_DROP instead of NF_ACCEPT in the utility line:

return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);

for a TCP packet which contains some specific string (say, hhhhh),
that packet comes back to the queue again but with a different id.
And that happens in a loop: the packet is dropped again and comes back
again, and so on.
It is interesting that the packet comes back to the queue with a frequency
that becomes slower over time.
Also, the above process seems to block other packets (the queue does
not receive other packets).

More details:
(o) To generate TCP packet communications I use a simple TCP server
(port 1100) and a TCP client that can send a packet with
    a specific string or a packet without the specific string.
(o) To reduce queue traffic I use the following expressions:
    iptables -I OUTPUT -p tcp --dport 1100 -j NFQUEUE --queue-bypass --queue-num 0
    or
    nft insert rule ip filter output ip protocol tcp tcp dport 1100 counter queue num 0

(o) I tried the platforms: ubuntu 18.04 (kernel 4.15.0)
                           ubuntu 19.04 (kernel 5.0.0)
                           ubuntu 12.04 (kernel 3.2.0)
                           oracle 7.5

All above platforms give the same result.
After three weeks of debugging I really need your help.
Thanks.
Valeri
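
As an added example (not part of the original post or of nfqnl_test.c), here is one way the content check described in the message could be written as a helper that the callback calls before nfq_set_verdict(). The names verdict_for and build_sample are hypothetical, the sample packet is constructed, and unfragmented IPv4 is assumed.

```c
#include <stdint.h>
#include <string.h>

enum { NF_DROP = 0, NF_ACCEPT = 1 };   /* values from <linux/netfilter.h> */

/* Hypothetical helper: pkt/len are the bytes nfq_get_payload() returns (IP header first). */
static int verdict_for(const uint8_t *pkt, size_t len, const char *needle)
{
    size_t nlen = strlen(needle);
    if (nlen == 0 || len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6)
        return NF_ACCEPT;                       /* not IPv4/TCP */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (total < len) len = total;               /* ignore trailing padding */
    if (ihl < 20 || len < ihl + 20)
        return NF_ACCEPT;                       /* truncated or malformed */
    size_t doff = (size_t)(pkt[ihl + 12] >> 4) * 4;
    if (doff < 20 || len < ihl + doff)
        return NF_ACCEPT;
    const uint8_t *data = pkt + ihl + doff;     /* TCP payload only */
    size_t dlen = len - ihl - doff;
    for (size_t i = 0; i + nlen <= dlen; i++)
        if (memcmp(data + i, needle, nlen) == 0)
            return NF_DROP;
    return NF_ACCEPT;
}

/* Constructed sample: minimal IPv4+TCP packet to port 1100 with a payload. */
static size_t build_sample(uint8_t *buf, size_t cap, const char *payload)
{
    size_t plen = strlen(payload), total = 40 + plen;
    if (total > cap) return 0;
    memset(buf, 0, 40);
    buf[0] = 0x45;                              /* version 4, IHL 5 words */
    buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    buf[9] = 6;                                 /* protocol: TCP */
    buf[22] = 1100 >> 8; buf[23] = 1100 & 0xff; /* destination port 1100 */
    buf[32] = 0x50;                             /* data offset 5 words */
    memcpy(buf + 40, payload, plen);
    return total;
}

int main(void)
{
    uint8_t b[128];
    size_t n = build_sample(b, sizeof b, "xxhhhhhxx");
    return verdict_for(b, n, "hhhhh") == NF_DROP ? 0 : 1;
}
```

A TCP segment that is dropped is never acknowledged, so the sending stack retransmits it with increasing backoff, and each retransmission reaches the queue as a new packet with a new id.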