Kernel 4.4.60. nft ver: 0.9.6
Hi,
I am trying to send packets to a user space application using nfqueue.
I added the following chain and rule.
table ip hotspot {
chain nchain { # handle 3
type filter hook postrouting priority 400; policy accept;
udp sport 53 counter packets 71 bytes 38194 queue num
43 bypass # handle
udp dport 53 counter packets 73 bytes 5184 queue num
43 bypass # handle 33
}
}
The counter increments but the application does not receive the packets.
If I try at a different hook position then the application receives it.
table ip hotspot {
chain dns-snoop-forward { # handle 2
type filter hook forward priority raw; policy accept;
udp sport 53 counter packets 23 bytes 12951 queue num
43 bypass #
udp dport 53 counter packets 28 bytes 2031 queue num
43 bypass # handle
}
}
1. Does post routing hook not allow nfqueue ?
2. Also Is it possible to send packets to userspace after the
_nf_conntrack_confirm() has confirmed the ct. I tried to change the
static priority of NF_IP_PRI_CONNTRACK_CONFIRM to 350 and added my
hook at 400, but packets were not received by userspace. Anything I am
missing.
Kindly suggest.
Thanks
ngadre
