* libnetfilter_queue
@ 2012-02-01 15:58 U.Mutlu
2012-02-02 18:39 ` libnetfilter_queue Pablo Neira Ayuso
0 siblings, 1 reply; 3+ messages in thread
From: U.Mutlu @ 2012-02-01 15:58 UTC (permalink / raw)
To: netfilter-devel
Hi,
who is the current maintainer of libnetfilter_queue?
* Re: libnetfilter_queue
2012-02-01 15:58 libnetfilter_queue U.Mutlu
@ 2012-02-02 18:39 ` Pablo Neira Ayuso
2012-02-02 20:04 ` libnetfilter_queue U.Mutlu
0 siblings, 1 reply; 3+ messages in thread
From: Pablo Neira Ayuso @ 2012-02-02 18:39 UTC (permalink / raw)
To: U.Mutlu; +Cc: netfilter-devel
On Wed, Feb 01, 2012 at 04:58:29PM +0100, U.Mutlu wrote:
> Hi,
> who is the current maintainer of libnetfilter_queue?
Me.
* Re: libnetfilter_queue
2012-02-02 18:39 ` libnetfilter_queue Pablo Neira Ayuso
@ 2012-02-02 20:04 ` U.Mutlu
0 siblings, 0 replies; 3+ messages in thread
From: U.Mutlu @ 2012-02-02 20:04 UTC (permalink / raw)
To: netfilter-devel
Pablo Neira Ayuso wrote, On 02/02/12 19:39:
> On Wed, Feb 01, 2012 at 04:58:29PM +0100, U.Mutlu wrote:
>> Hi,
>> who is the current maintainer of libnetfilter_queue?
>
> Me.
Oh thanks, I tried to use the demo in a virtual environment
under LXC and OpenVZ (both actually chrooted environments)
but "something" seems to be missing as it doesn't work in
a virtual environment, though it works in a normal environment.
Exactly the same problem happens with the netfilter demo in libmnl.
Here's the relevant strace-output (that's happening in the lib):
...
socket(PF_NETLINK, SOCK_RAW, 12) = 5
getsockname(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 0
gettimeofday({1328152478, 343070}, NULL) = 0
bind(5, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(5, {sa_family=AF_NETLINK, pid=514, groups=00000000}, [12]) = 0
bind(5, {sa_family=AF_NETLINK, pid=514, groups=00000000}, 12) = 0
sendto(5, "\34\0\0\0\2\3\5\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\1\0\4\36\0\2", 28, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = -1 EC
sendto(5, "\34\0\0\0\2\3\5\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\1\0\3\36\0\2", 28, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = -1 EC
sendto(5, "\34\0\0\0\2\3\5\0\0\0\0\0\0\0\0\0\0\0\22h\10\0\1\0\1\0\0\0", 28, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = -1 ECO
close(5) = 0
futex(0x1f96fc4, FUTEX_WAIT_PRIVATE, 1, NULL) = 0
futex(0x1f96f98, FUTEX_WAKE_PRIVATE, 1) = 0
...
So, sendto() to the netlink fails.
What's the reason, and what's needed to get the demo working?
Have you tested it in such virtual environments?
My guess:
I think it's a permission problem, but I don't know what kind.
My guess is this: it runs under the root account only, but the root
in the virtual environment is not the root in the normal environment;
each environment has its own root, and they differ. The uid, pid etc. in
the VM are just "translated" uid and pid, I think; I think the problem lies herein.
I would appreciate it if it could be made to work also in VMs.
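Added example, not part of the original thread: a small decoder for the three sendto() payloads in the strace above, showing which nfnetlink_queue configuration requests the kernel refused. The struct and function names are hypothetical; the field layout (nlmsghdr, nfgenmsg, one nlattr carrying nfqnl_msg_config_cmd) follows the kernel uapi headers, and a little-endian host is assumed, as in the trace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The three payloads from the trace, regrouped by field. strace's octal
 * escapes are valid C escapes, so the bytes are copied as printed. */
#define HDR "\34\0\0\0" "\2\3" "\5\0" "\0\0\0\0" "\0\0\0\0" /* len,type,flags,seq,pid */
static const unsigned char msg1[] = HDR "\0\0\0\0" "\10\0\1\0" "\4\36\0\2";
static const unsigned char msg2[] = HDR "\0\0\0\0" "\10\0\1\0" "\3\36\0\2";
static const unsigned char msg3[] = HDR "\0\0\22h" "\10\0\1\0" "\1\0\0\0";

struct nfq_cfg {                /* hypothetical decoded view */
    uint8_t  subsys, msg;       /* high / low byte of nlmsg_type */
    uint16_t flags;             /* nlmsg_flags */
    uint16_t queue;             /* nfgenmsg.res_id, big-endian on the wire */
    uint16_t attr;              /* nla_type */
    uint8_t  cmd;               /* nfqnl_msg_config_cmd.command */
    uint16_t pf;                /* nfqnl_msg_config_cmd.pf, big-endian */
};

static uint16_t le16(const unsigned char *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint16_t be16(const unsigned char *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Decode one 28-byte request: 16-byte nlmsghdr, 4-byte nfgenmsg, 8-byte attr.
 * Returns 0 on success, -1 if the lengths do not match that layout. */
int decode_nfq_cfg(const unsigned char *b, size_t n, struct nfq_cfg *o)
{
    if (n != 28 || le16(b) != 28 || le16(b + 2) != 0 || le16(b + 20) != 8)
        return -1;
    o->msg = b[4]; o->subsys = b[5];
    o->flags = le16(b + 6);
    o->queue = be16(b + 18);
    o->attr = le16(b + 22);
    o->cmd = b[24];
    o->pf = be16(b + 26);
    return 0;
}

int main(void)
{
    const unsigned char *m[] = { msg1, msg2, msg3 };
    struct nfq_cfg c;
    for (int i = 0; i < 3; i++)
        if (decode_nfq_cfg(m[i], sizeof msg1 - 1, &c) == 0)
            printf("subsys=%u msg=%u flags=%#x queue=%u attr=%u cmd=%u pf=%u\n",
                   c.subsys, c.msg, c.flags, c.queue, c.attr, c.cmd, c.pf);
    return 0;
}
```

In uapi terms all three are NFNL_SUBSYS_QUEUE (3) / NFQNL_MSG_CONFIG (2) requests with NLM_F_REQUEST|NLM_F_ACK (5) and an NFQA_CFG_CMD (1) attribute: PF_UNBIND (4) for AF_INET (2), PF_BIND (3) for AF_INET, then BIND (1) on queue 4712. The decode shows what was asked of the kernel, not why it was refused; the errno is cut off in the trace.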