Userspace queuing

Userspace queuing

[Muhammad R. Sami]

Is there a way to perform userspace queuing in iptables? If yes can I have
some example codes.

Regards,

 

Muhammad R. Sami 
Research Assistant, 
Computer Engineering Department 
P.O.Box 354 
King Fahd University of Petroleum & Minerals 
Dhahran 31261 
Saudi Arabia. 
Tel: +96638601423 
Cell: +96657982951 
www.ccse.kfupm.edu.sa/sami

 

Re: Userspace queuing

[Pablo Neira]

Hi Muhammad,

Muhammad R. Sami wrote:

>Is there a way to perform userspace queuing in iptables? If yes can I have
>some example codes.
>  
>

http://www.cs.princeton.edu/~nakao/libipq.htm
^^^
I think that you could be able to get it running with the information 
provided in the manpage.

http://cvs.netfilter.org/netfilter/testsuite/tools/intercept.c
^^^
This is an old example, I got it compiled with no big problems.

best regards,
Pablo

Re: Userspace queuing

[Henrik Nordstrom]

On Fri, 25 Jun 2004, Muhammad R. Sami wrote:

> Is there a way to perform userspace queuing in iptables? If yes can I have
> some example codes.

Yes, via QUEUE and libipq.

examples on how to use libipq is included in the libipq documentation.

libipq is shipped together with iptables.

Regards
Henrik

RE: Userspace queuing

[Muhammad R. Sami]

But as far as I have worked on it, I an only accept or drop packets using
libipq and Queue. What if I want to set priority to accepted packets, like
high priority and low priority, can this be also done using the same or
there is some other mechanism in iptables. 
Regards,

Muhammad R. Sami 
Research Assistant, 
Computer Engineering Department 
P.O.Box 354 
King Fahd University of Petroleum & Minerals 
Dhahran 31261 
Saudi Arabia. 
Tel: +96638601423 
Cell: +96657982951 
www.ccse.kfupm.edu.sa/sami
-----Original Message-----
From: netfilter-devel-admin@lists.netfilter.org
[mailto:netfilter-devel-admin@lists.netfilter.org] On Behalf Of Henrik
Nordstrom
Sent: Saturday, June 26, 2004 2:30 AM
To: Muhammad R. Sami
Cc: Netfilter List
Subject: Re: Userspace queuing 

On Fri, 25 Jun 2004, Muhammad R. Sami wrote:

> Is there a way to perform userspace queuing in iptables? If yes can I have
> some example codes.

Yes, via QUEUE and libipq.

examples on how to use libipq is included in the libipq documentation.

libipq is shipped together with iptables.

Regards
Henrik

RE: Userspace queuing

[Henrik Nordstrom]

On Sat, 26 Jun 2004, Muhammad R. Sami wrote:

> But as far as I have worked on it, I an only accept or drop packets using
> libipq and Queue. What if I want to set priority to accepted packets, like
> high priority and low priority, can this be also done using the same or
> there is some other mechanism in iptables. 

While it is true that you can only accept/deny/modify packets via the
ip_queue it is not hard to extend ip_queue with additional result fields
to allow specifying for example the nfmark or other relevan skbuff packet
parameters.

See the mailing-list archives for both discussions and patches for doing 
this.

You also can implement whatever queue policy you like in your userspace
application which I thought it was you asked for. How you manage the
priority queue while the packet is owned by your userspace application is 
well up to your application. The kernel only requires that you at some 
point tell a fate for the packet (accept/drop, accept -> packet continues 
within the Linux kernel)

Regards
Henrik

RE: Userspace queuing

[Muhammad R. Sami]

Thanks Henrik for your help, I have 2 questions, first of all I could not
find anyway to extract and read packet payload through libipq, I know it has
a function to do so but how to use it (any examples??) and secondly is there
any implementation of priority queues (multiple FIFOs) at userspace using
libipq. If you can help me on these, I would be thankful. 
Regards,

RE: Userspace queuing

[Henrik Nordstrom]

On Mon, 28 Jun 2004, Muhammad R. Sami wrote:

> Thanks Henrik for your help, I have 2 questions, first of all I could not
> find anyway to extract and read packet payload through libipq, I know it has
> a function to do so but how to use it (any examples??)

See the very extensive documentation included in libipq.

> and secondly is there any implementation of priority queues (multiple
> FIFOs) at userspace using libipq.

Not that I know of, but I thougt this was what you wanted to implement 
yourself..

What is it actually that you want to do?

Regards
Henrik

Re: Userspace queuing

[Nigel Kukard]

[-- Attachment #1: Type: text/plain, Size: 616 bytes --]

check project   www.freshmeat.net/projects/bwmtools

it uses multiple userpace queues to prioritize and limit traffic based
on certain criteria.


On Mon, Jun 28, 2004 at 10:17:21AM +0300, Muhammad R. Sami wrote:
> Thanks Henrik for your help, I have 2 questions, first of all I could not
> find anyway to extract and read packet payload through libipq, I know it has
> a function to do so but how to use it (any examples??) and secondly is there
> any implementation of priority queues (multiple FIFOs) at userspace using
> libipq. If you can help me on these, I would be thankful. 
> Regards,
> 
> 

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: Userspace queuing

[Ulysses Almeida]

Hi there, 

  I just wrote a libipq tutorial, tring to explain how to use it to
handle packets on user-space. It's on brazilian portuguese, but there's
a section named libipq By Example, with an example src, that could be
self explainatory. The example is a mix code with man pages example
and examples I find on lipipq cvs.

  Some time, if someone thinks it's useful, I can translate it to
english, with my awful english.

  Best regards.

On Mon, Jun 28, 2004 at 10:17:21AM +0300, Muhammad R. Sami wrote:
> Thanks Henrik for your help, I have 2 questions, first of all I could not
> find anyway to extract and read packet payload through libipq, I know it has
> a function to do so but how to use it (any examples??) and secondly is there
> any implementation of priority queues (multiple FIFOs) at userspace using
> libipq. If you can help me on these, I would be thankful. 
> Regards,
> 
> 
> 

-- 
    .~.  Ulysses Almeida
   / V \  munky@maluco.com.br
 / (   ) \  Seja livre, use GNU/Linux! 
   ^^-^^

Re: Userspace queuing

[Ulysses Almeida]

Sorry, I forgot the link http://www.glug.ucdb.br/~ulysses/libipq.html

  Regards

On Mon, Jun 28, 2004 at 10:17:21AM +0300, Muhammad R. Sami wrote:
> Thanks Henrik for your help, I have 2 questions, first of all I could not
> find anyway to extract and read packet payload through libipq, I know it has
> a function to do so but how to use it (any examples??) and secondly is there
> any implementation of priority queues (multiple FIFOs) at userspace using
> libipq. If you can help me on these, I would be thankful. 
> Regards,
> 
> 
> 

-- 
    .~.  Ulysses Almeida
   / V \  munky@maluco.com.br
 / (   ) \  Seja livre, use GNU/Linux! 
   ^^-^^

Re: Userspace queuing

[Fallucchi Antonio]

hi,

i use libipq and "QUEUE" for read the SYN  pachet sent from local 
application...
now I must REDIRECT all packet (width nat) to a local service (proxy).

I have configure the netfilter:

*nat
:PREROUTING ACCEPT [4:240]
:POSTROUTING ACCEPT [22:1306]
:OUTPUT ACCEPT [18:1066]
-A OUTPUT -d ! 127.0.0.1 -p tcp -m tcp --dport 80 ! --tcp-flags SYN SYN 
-j DNAT --to-destination 127.0.0.1:80
-A OUTPUT -d ! 127.0.0.1 -p tcp -m tcp --dport 80 --tcp-flags SYN SYN -j 
QUEUE
COMMIT

or

*nat
:PREROUTING ACCEPT [4:240]
:POSTROUTING ACCEPT [22:1306]
:OUTPUT ACCEPT [18:1066]
-A OUTPUT -d ! 127.0.0.1 -p tcp -m tcp --dport 80 --tcp-flags SYN SYN -j 
QUEUE
-A OUTPUT -d ! 127.0.0.1 -p tcp -m tcp --dport 80 ! --tcp-flags SYN SYN 
-j DNAT --to-destination 127.0.0.1:80
COMMIT

in all the solution the packets bypass the nat rule..
there is other solution ??

Ulysses Almeida wrote:

>Sorry, I forgot the link http://www.glug.ucdb.br/~ulysses/libipq.html
>
>  Regards
>
>On Mon, Jun 28, 2004 at 10:17:21AM +0300, Muhammad R. Sami wrote:
>  
>
>>Thanks Henrik for your help, I have 2 questions, first of all I could not
>>find anyway to extract and read packet payload through libipq, I know it has
>>a function to do so but how to use it (any examples??) and secondly is there
>>any implementation of priority queues (multiple FIFOs) at userspace using
>>libipq. If you can help me on these, I would be thankful. 
>>Regards,
>>
>>
>>
>>    
>>
>
>  
>

RE: Userspace queuing

[Muhammad R. Sami]

What I understand from the examples is that I have to create my own
structure for my packet's application header. And then extract the payload
using this approach:

ipq_packet_msg_t *m = ipq_get_packet(buf);
struct iphdr *iph = ((struct iphdr *)m->payload);

where struct iphdr will be struct "myhdr"

and then decide queuing policy according to what I get.

Am I on the right track?
Regards,

-----Original Message-----
From: Ulysses Almeida [mailto:munky@maluco.com.br] 
Sent: Monday, June 28, 2004 8:16 PM
To: Muhammad R. Sami
Cc: Netfilter List
Subject: Re: Userspace queuing

Sorry, I forgot the link http://www.glug.ucdb.br/~ulysses/libipq.html

  Regards

On Mon, Jun 28, 2004 at 10:17:21AM +0300, Muhammad R. Sami wrote:
> Thanks Henrik for your help, I have 2 questions, first of all I could not
> find anyway to extract and read packet payload through libipq, I know it
has
> a function to do so but how to use it (any examples??) and secondly is
there
> any implementation of priority queues (multiple FIFOs) at userspace using
> libipq. If you can help me on these, I would be thankful. 
> Regards,
> 
> 
> 

-- 
    .~.  Ulysses Almeida
   / V \  munky@maluco.com.br
 / (   ) \  Seja livre, use GNU/Linux! 
   ^^-^^