Red Hat Topics - iptables -j QUEUE fails on RH-E-WS-4


Author iptables -j QUEUE fails on RH-E-WS-4
Mike - EMAIL IGNORED

2005-05-11, 7:45 am

Using RH-E-WS-4 that has kernel-2.6.9-5.EL, all freshly installed,
I downloaded and installed iptables-1.3.1 using the install script
shown below.

I wrote the simple test program shown below, following
man libipq.

When I run it, and then send pings from another
box, the program prints "started", and nothing
else, indicating that the ipq_read never returns.
The pings get no response. I note that if I
change QUEUE to ACCEPT in the iptables -A, the
pings respond appropriately.

Advice would be much appreciated.

Mike.

--
Michael D. Berger
m.d.berger@ieee.org
--

*** install script ***

make KERNEL_DIR=/usr/src BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/share/man
make install KERNEL_DIR=/usr/src BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/share/man install
make install KERNEL_DIR=/usr/src BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/share/man install-devel

*** start sequence ***

modprobe iptable_filter
modprobe ip_queue
iptables -A OUTPUT -p icmp -j QUEUE
netqueue # the name of my program

*** iptables-save output ***

# Generated by iptables-save v1.2.11 on Sat May 7 14:03:44 2005
*filter
:INPUT ACCEPT [30:6804]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [46:5164]
-A OUTPUT -p icmp -j QUEUE
COMMIT
# Completed on Sat May 7 14:03:44 2005

*** code ***

// netqueue.c 05/10/05

#include <linux/netfilter.h>
#include <libipq.h>
#include <stdio.h>
#include <stdlib.h>   /* exit() */

#define BUFSIZE 2048

/* Print the last libipq error, release the handle and exit. */
static void die (struct ipq_handle *hand)
{
    ipq_perror("passer");
    ipq_destroy_handle(hand);
    exit(1);
}

int main(int argc, char* argv[])
{
    int status;
    unsigned char buf[BUFSIZE];
    struct ipq_handle* ipqHand;

    /* Open the netlink connection to the ip_queue module. */
    ipqHand = ipq_create_handle(0,PF_INET);

    if (ipqHand == 0)
        die(ipqHand);

    /* Handle at most three messages, then exit. */
    int cnt = 0;
    while (cnt++ < 3)
    {
        fprintf(stderr,"started\n");
        /* Block (timeout 0) until the kernel sends a message. */
        status = ipq_read(ipqHand,buf,BUFSIZE,0);
        fprintf(stderr,"read\n");

        if (status < 0)
            die(ipqHand);

        switch(ipq_message_type(buf))
        {
        case NLMSG_ERROR:
            fprintf(stderr,"Error msg: %s\n",ipq_get_msgerr(buf));
            break;

        default:
            {
                /* Treat anything else as a queued packet and accept it. */
                ipq_packet_msg_t* msg = ipq_get_packet(buf);
                fprintf (stderr,"Type = %d\n",ipq_message_type(buf));
                status = ipq_set_verdict(ipqHand,msg->packet_id,
                                         NF_ACCEPT,0,NULL);
                if (status < 0)
                    die(ipqHand);
            }
        }
    }

    ipq_destroy_handle(ipqHand);
    return 0;
}
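
Added example, not part of the original post: the ip_queue module reports its listener state in /proc/net/ip_queue, and a Peer PID of 0 or a Copy mode of 0 (IPQ_COPY_NONE) means no userspace program has registered a mode with ipq_set_mode (the call the man libipq example makes right after ipq_create_handle), so queued packets are dropped instead of reaching ipq_read. The C checker below parses that file's text; the field labels are assumed to match the ip_queue proc output, and both sample texts are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed samples in the assumed /proc/net/ip_queue layout. */
static const char SAMPLE_IDLE[] =
    "Peer PID          : 0\nCopy mode         : 0\nCopy range        : 0\n"
    "Queue length      : 0\nQueue max. length : 1024\n";
static const char SAMPLE_ACTIVE[] =
    "Peer PID          : 2314\nCopy mode         : 2\nCopy range        : 2048\n"
    "Queue length      : 0\nQueue max. length : 1024\n";

struct ipq_status { long peer_pid, copy_mode, copy_range, queue_len; };
enum ipq_diag { IPQ_DIAG_OK, IPQ_DIAG_NO_PEER, IPQ_DIAG_COPY_NONE, IPQ_DIAG_PARSE_ERROR };

/* Read the number after "key ... :" on the line that starts with key. */
static int field(const char *text, const char *key, long *out)
{
    size_t klen = strlen(key);
    for (const char *line = text; line && *line; ) {
        const char *eol = strchr(line, '\n');
        if (strncmp(line, key, klen) == 0) {
            const char *colon = strchr(line, ':');
            char *end;
            if (!colon || (eol && colon > eol)) return -1;
            *out = strtol(colon + 1, &end, 10);
            /* Reject an empty value or one taken from the next line. */
            return (end == colon + 1 || (eol && end > eol)) ? -1 : 0;
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;
}

/* Classify the listener state; fills *st when parsing succeeds. */
enum ipq_diag ipq_diagnose(const char *text, struct ipq_status *st)
{
    if (field(text, "Peer PID", &st->peer_pid) || field(text, "Copy mode", &st->copy_mode) ||
        field(text, "Copy range", &st->copy_range) || field(text, "Queue length", &st->queue_len))
        return IPQ_DIAG_PARSE_ERROR;
    if (st->peer_pid == 0) return IPQ_DIAG_NO_PEER;     /* nobody bound to the queue */
    if (st->copy_mode == 0) return IPQ_DIAG_COPY_NONE;  /* IPQ_COPY_NONE: nothing copied up */
    return IPQ_DIAG_OK;
}

int main(void)
{
    struct ipq_status st;
    printf("idle sample   -> %d\n", ipq_diagnose(SAMPLE_IDLE, &st));
    printf("active sample -> %d\n", ipq_diagnose(SAMPLE_ACTIVE, &st));
    return 0;
}
```

On a live system the same function can be fed the contents of /proc/net/ip_queue read while the listener program is blocked in ipq_read.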
Copyright 2003 - 2008 webservertalk.com