Netfilter_queue test program question

Netfilter_queue test program question

[Andy Cristina]

I've been attempting to play with netfilter_queue to see how effective
a certain similarity hashing technique would work for identifying
parts of documents being sent out over the network, but I haven't had
much progress even getting the test program to work.

I can compile and link nfq_test.c fine, using both the old versions of
libnfnetfiler and libnetfilter_queue available from ubuntu's apt, and
by using the newest released versions compiled from source.

However, in any case when I run the compiled nfq_test, the program
seems to do nothing after setting the packet copy mode.  So it seems
to me as if it is perpetually waiting for a packet to be sent over the
netlink, but one never arrives, no matter how much network traffic I
have.

Am I missing some vital piece of setup?  When I run nfq_test, there
are two netfilter modules loaded.  Should there be more?  Do they need
to be configured somehow?  Is this the expected behavior?

I have tested this both on my ubuntu install and on a friend's debian,
both machines exhibit the same behavior.  Any help is certainly
appreciated.

Re: Netfilter_queue test program question

[Gáspár Lajos]

Andy Cristina írta:
> I've been attempting to play with netfilter_queue to see how effective
> a certain similarity hashing technique would work for identifying
> parts of documents being sent out over the network, but I haven't had
> much progress even getting the test program to work.
Just a few questions:

- Why do you want to do such things?
- How would you come over on the compressed files, MIME encodings?
- Are you attempting to stop some information thiefing?
> I can compile and link nfq_test.c fine, using both the old versions of
> libnfnetfiler and libnetfilter_queue available from ubuntu's apt, and
> by using the newest released versions compiled from source.
>
> However, in any case when I run the compiled nfq_test, the program
> seems to do nothing after setting the packet copy mode.  So it seems
> to me as if it is perpetually waiting for a packet to be sent over the
> netlink, but one never arrives, no matter how much network traffic I
> have.
>
> Am I missing some vital piece of setup?  When I run nfq_test, there
> are two netfilter modules loaded.  Should there be more?  Do they need
> to be configured somehow?  Is this the expected behavior?
>
> I have tested this both on my ubuntu install and on a friend's debian,
> both machines exhibit the same behavior.  Any help is certainly
> appreciated.
>
>   
Swifty

Re: Netfilter_queue test program question

[Andy Cristina]

On 8/29/07, Gáspár Lajos <swifty@freemail.hu> wrote:
> Andy Cristina írta:
> > I've been attempting to play with netfilter_queue to see how effective
> > a certain similarity hashing technique would work for identifying
> > parts of documents being sent out over the network, but I haven't had
> > much progress even getting the test program to work.
> Just a few questions:
>
> - Why do you want to do such things?
> - How would you come over on the compressed files, MIME encodings?
> - Are you attempting to stop some information thiefing?
> > I can compile and link nfq_test.c fine, using both the old versions of
> > libnfnetfiler and libnetfilter_queue available from ubuntu's apt, and
> > by using the newest released versions compiled from source.
> >
> > However, in any case when I run the compiled nfq_test, the program
> > seems to do nothing after setting the packet copy mode.  So it seems
> > to me as if it is perpetually waiting for a packet to be sent over the
> > netlink, but one never arrives, no matter how much network traffic I
> > have.
> >
> > Am I missing some vital piece of setup?  When I run nfq_test, there
> > are two netfilter modules loaded.  Should there be more?  Do they need
> > to be configured somehow?  Is this the expected behavior?
> >
> > I have tested this both on my ubuntu install and on a friend's debian,
> > both machines exhibit the same behavior.  Any help is certainly
> > appreciated.
> >
> >
> Swifty
>
>
>

Re: Netfilter_queue test program question

[Andy Cristina]

> However, in any case when I run the compiled nfq_test, the program
> seems to do nothing after setting the packet copy mode.  So it seems
> to me as if it is perpetually waiting for a packet to be sent over the
> netlink, but one never arrives, no matter how much network traffic I
> have.
>
> Am I missing some vital piece of setup?  When I run nfq_test, there
> are two netfilter modules loaded.  Should there be more?  Do they need
> to be configured somehow?  Is this the expected behavior?
>
> I have tested this both on my ubuntu install and on a friend's debian,
> both machines exhibit the same behavior.  Any help is certainly
> appreciated.

It is amazing what a good night's sleep does to improve your ability
to read and comprehend.  I was, of course, forgetting to setup an
iptable rule to queue packets, so now I can proceed.