nflog_bind_group() question

nflog_bind_group() question

[Fred Leeflang]

Hi devs,

We've recently implemented NFLOG support in vuurmuur, I've written an
article on the effort here
http://wordpress.3dn.nl/2009/11/25/iptabes-nflog-support-in-vuurmuur/

I'm curious about something I found out in the process. I've had
ulogd2 running alongside vuurmuur for a while and configured it to
listen to a specific nflog-group. When I had ulogd2 running I would
not be able to run vuurmuur_log which also listens to an nflog-group.
It took me a while to realize that it would not work because of having
ulogd2 running and both trying to listen to the SAME nflog-group.

Does this mean that it's not possible for two applications at the same
time to get netfilter_log messages from the same nflog-group?

-Fred

Re: nflog_bind_group() question

[Patrick McHardy]

Fred Leeflang wrote:
> Hi devs,
> 
> We've recently implemented NFLOG support in vuurmuur, I've written an
> article on the effort here
> http://wordpress.3dn.nl/2009/11/25/iptabes-nflog-support-in-vuurmuur/
> 
> I'm curious about something I found out in the process. I've had
> ulogd2 running alongside vuurmuur for a while and configured it to
> listen to a specific nflog-group. When I had ulogd2 running I would
> not be able to run vuurmuur_log which also listens to an nflog-group.
> It took me a while to realize that it would not work because of having
> ulogd2 running and both trying to listen to the SAME nflog-group.
> 
> Does this mean that it's not possible for two applications at the same
> time to get netfilter_log messages from the same nflog-group?

That is correct, nfnetlink_log uses unicast messages to the process
bound to the group. I'd also prefer if we had used multicast messaging,
but that can't be easily changed now.