nfulnl_test doesn't work on Ubuntu

nfulnl_test doesn't work on Ubuntu

[Ganesh Kumar]

[-- Attachment #1: Type: text/plain, Size: 574 bytes --]

dear all,

 I'm trying my hand on the NFLOG target of iptables, so I setup
the below ones on my ubuntu machine 10.4  :


libnetfilter_log-1.0.0
libnfnetlink-dev_1.0.0


$ uname -a
Linux ubuntu 2.6.32.21 #2 SMP Wed Jul 6 22:03:07 PDT 2011 i686 GNU/Linux


but when I try to build and run the utils nfulnl_test.c this is what
I'm getting using the below command
gcc -o nfulnl_test nfulnl_test.c -L /usr/local/lib/ -lnetfilter_log

$ ./nfulnl_test
binding nfnetlink_log to AF_INET
error during nflog_bind_pf()

Am I missing something, any help is appreciated.

Many thanks,
GK

[-- Attachment #2: nfulnl_test.c --]
[-- Type: text/x-csrc, Size: 2796 bytes --]


#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netinet/in.h>

#include <libnetfilter_log/libnetfilter_log.h>

static int print_pkt(struct nflog_data *ldata)
{
	struct nfulnl_msg_packet_hdr *ph = nflog_get_msg_packet_hdr(ldata);
	u_int32_t mark = nflog_get_nfmark(ldata);
	u_int32_t indev = nflog_get_indev(ldata);
	u_int32_t outdev = nflog_get_outdev(ldata);
	char *prefix = nflog_get_prefix(ldata);
	char *payload;
	int payload_len = nflog_get_payload(ldata, &payload);
	
	if (ph) {
		printf("hw_protocol=0x%04x hook=%u ", 
			ntohs(ph->hw_protocol), ph->hook);
	}

	printf("mark=%u ", mark);

	if (indev > 0)
		printf("indev=%u ", indev);

	if (outdev > 0)
		printf("outdev=%u ", outdev);


	if (prefix) {
		printf("prefix=\"%s\" ", prefix);
	}
	if (payload_len >= 0)
		printf("payload_len=%d ", payload_len);

	fputc('\n', stdout);
	return 0;
}

static int cb(struct nflog_g_handle *gh, struct nfgenmsg *nfmsg,
		struct nflog_data *nfa, void *data)
{
	print_pkt(nfa);
}


int main(int argc, char **argv)
{
	struct nflog_handle *h;
	struct nflog_g_handle *qh;
	struct nflog_g_handle *qh100;
	int rv, fd;
	char buf[4096];

	h = nflog_open();
	if (!h) {
		fprintf(stderr, "error during nflog_open()\n");
		exit(1);
	}

	printf("unbinding existing nf_log handler for AF_INET (if any)\n");
	if (nflog_unbind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error nflog_unbind_pf()\n");
		exit(1);
	}

	printf("binding nfnetlink_log to AF_INET\n");
	if (nflog_bind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error during nflog_bind_pf()\n");
		exit(1);
	}
	printf("binding this socket to group 0\n");
	qh = nflog_bind_group(h, 0);
	if (!qh) {
		fprintf(stderr, "no handle for grup 0\n");
		exit(1);
	}

	printf("binding this socket to group 100\n");
	qh100 = nflog_bind_group(h, 100);
	if (!qh100) {
		fprintf(stderr, "no handle for group 100\n");
		exit(1);
	}

	printf("setting copy_packet mode\n");
	if (nflog_set_mode(qh, NFULNL_COPY_PACKET, 0xffff) < 0) {
		fprintf(stderr, "can't set packet copy mode\n");
		exit(1);
	}

	fd = nflog_fd(h);

	printf("registering callback for group 0\n");
	nflog_callback_register(qh, &cb, NULL);

	printf("going into main loop\n");
	while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
		struct nlmsghdr *nlh;
		printf("pkt received (len=%u)\n", rv);

		/* handle messages in just-received packet */
		nflog_handle_packet(h, buf, rv);
	}

	printf("unbinding from group 100\n");
	nflog_unbind_group(qh100);
	printf("unbinding from group 0\n");
	nflog_unbind_group(qh);

#ifdef INSANE
	/* norally, applications SHOULD NOT issue this command,
	 * since it detaches other programs/sockets from AF_INET, too ! */
	printf("unbinding from AF_INET\n");
	nflog_unbind_pf(h, AF_INET);
#endif

	printf("closing handle\n");
	nflog_close(h);

	exit(0);
}

Re: nfulnl_test doesn't work on Ubuntu

[Eric Dumazet]

Le jeudi 23 février 2012 à 12:00 +0530, Ganesh Kumar a écrit :
> dear all,
> 
>  I'm trying my hand on the NFLOG target of iptables, so I setup
> the below ones on my ubuntu machine 10.4  :
> 
> 
> libnetfilter_log-1.0.0
> libnfnetlink-dev_1.0.0
> 
> 
> $ uname -a
> Linux ubuntu 2.6.32.21 #2 SMP Wed Jul 6 22:03:07 PDT 2011 i686 GNU/Linux
> 
> 
> but when I try to build and run the utils nfulnl_test.c this is what
> I'm getting using the below command
> gcc -o nfulnl_test nfulnl_test.c -L /usr/local/lib/ -lnetfilter_log
> 
> $ ./nfulnl_test
> binding nfnetlink_log to AF_INET
> error during nflog_bind_pf()
> 
> Am I missing something, any help is appreciated.
> 
> Many thanks,
> GK

It works well on ubuntu 11.10 & 11.04, not sure for 10.04

Could you check if you can load nfnetlink_log module ?

modprobe nfnetlink_log



--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: nfulnl_test doesn't work on Ubuntu

[Ganesh Kumar]

Hi Eric,

   Thanks for a fast reply.
I tried modprobe nfnetlink_log

this is what I get in dmesg

[2054919.049919] Netfilter messages via NETLINK v0.30.

gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$
./nfulnl_test
binding nfnetlink_log to AF_INET
error during nflog_bind_pf()
gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$

These are the contents of
gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$
ls /usr/local/lib/
libnetfilter_log.a                   libnetfilter_log_libipulog.so.1
   libnfnetlink.a                       pkgconfig/
libnetfilter_log.la
libnetfilter_log_libipulog.so.1.0.0  libnfnetlink.la
   python2.6/
libnetfilter_log_libipulog.a         libnetfilter_log.so
   libnfnetlink.so
libnetfilter_log_libipulog.la        libnetfilter_log.so.1
   libnfnetlink.so.0
libnetfilter_log_libipulog.so        libnetfilter_log.so.1.1.0
   libnfnetlink.so.0.2.0
gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$

Hope its installed properly.
anything else I need to fix/check

Many Thanks,
Ganesh

On 2/23/12, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> Le jeudi 23 février 2012 à 12:00 +0530, Ganesh Kumar a écrit :
>> dear all,
>>
>>  I'm trying my hand on the NFLOG target of iptables, so I setup
>> the below ones on my ubuntu machine 10.4  :
>>
>>
>> libnetfilter_log-1.0.0
>> libnfnetlink-dev_1.0.0
>>
>>
>> $ uname -a
>> Linux ubuntu 2.6.32.21 #2 SMP Wed Jul 6 22:03:07 PDT 2011 i686 GNU/Linux
>>
>>
>> but when I try to build and run the utils nfulnl_test.c this is what
>> I'm getting using the below command
>> gcc -o nfulnl_test nfulnl_test.c -L /usr/local/lib/ -lnetfilter_log
>>
>> $ ./nfulnl_test
>> binding nfnetlink_log to AF_INET
>> error during nflog_bind_pf()
>>
>> Am I missing something, any help is appreciated.
>>
>> Many thanks,
>> GK
>
> It works well on ubuntu 11.10 & 11.04, not sure for 10.04
>
> Could you check if you can load nfnetlink_log module ?
>
> modprobe nfnetlink_log
>
>
>
>


-- 
Ganesh Kumar NM

Experience is what causes a person to make
new  mistakes  instead  of old ones.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: nfulnl_test doesn't work on Ubuntu

[Eric Dumazet]

Le jeudi 23 février 2012 à 13:05 +0530, Ganesh Kumar a écrit :
> Hi Eric,
> 
>    Thanks for a fast reply.
> I tried modprobe nfnetlink_log
> 
> this is what I get in dmesg
> 
> [2054919.049919] Netfilter messages via NETLINK v0.30.
> 
> gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$
> ./nfulnl_test
> binding nfnetlink_log to AF_INET
> error during nflog_bind_pf()
> gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$
> 
> These are the contents of
> gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$
> ls /usr/local/lib/
> libnetfilter_log.a                   libnetfilter_log_libipulog.so.1
>    libnfnetlink.a                       pkgconfig/
> libnetfilter_log.la
> libnetfilter_log_libipulog.so.1.0.0  libnfnetlink.la
>    python2.6/
> libnetfilter_log_libipulog.a         libnetfilter_log.so
>    libnfnetlink.so
> libnetfilter_log_libipulog.la        libnetfilter_log.so.1
>    libnfnetlink.so.0
> libnetfilter_log_libipulog.so        libnetfilter_log.so.1.1.0
>    libnfnetlink.so.0.2.0
> gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$
> 
> Hope its installed properly.
> anything else I need to fix/check
> 

You have to be root 

sudo ./nfulnl_test



--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: nfulnl_test doesn't work on Ubuntu

[Ganesh Kumar]

Hi Eric,

  Thanks, now did  sudo, this is what I get;

 gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$
sudo ./nfulnl_test
[sudo] password for gakumar:
/home/gakumar/PacketFilter/libnetfilter_log-1.0.0/utils/.libs/lt-nfulnl_test:
error while loading shared libraries: libnfnetlink.so.0: cannot open
shared object file: No such file or directory
gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$
echo $LD_LIBRARY_PATH
/opt/qnx641/host/linux/x86/usr/lib:/opt/qnx650/host/linux/x86/usr/lib:/usr/local/lib/
gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$

gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$
ls /usr/local/lib/
libnetfilter_log.a                   libnetfilter_log_libipulog.so.1
   libnfnetlink.a                       pkgconfig/
libnetfilter_log.la
libnetfilter_log_libipulog.so.1.0.0  libnfnetlink.la
   python2.6/
libnetfilter_log_libipulog.a         libnetfilter_log.so
   libnfnetlink.so
libnetfilter_log_libipulog.la        libnetfilter_log.so.1
   libnfnetlink.so.0
libnetfilter_log_libipulog.so        libnetfilter_log.so.1.1.0
   libnfnetlink.so.0.2.0
gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$


wondering why its not able to locate the .so

Thanks,
Ganesh


On 2/23/12, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> Le jeudi 23 février 2012 à 13:05 +0530, Ganesh Kumar a écrit :
>> Hi Eric,
>>
>>    Thanks for a fast reply.
>> I tried modprobe nfnetlink_log
>>
>> this is what I get in dmesg
>>
>> [2054919.049919] Netfilter messages via NETLINK v0.30.
>>
>> gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$
>> ./nfulnl_test
>> binding nfnetlink_log to AF_INET
>> error during nflog_bind_pf()
>> gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$
>>
>> These are the contents of
>> gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$
>> ls /usr/local/lib/
>> libnetfilter_log.a                   libnetfilter_log_libipulog.so.1
>>    libnfnetlink.a                       pkgconfig/
>> libnetfilter_log.la
>> libnetfilter_log_libipulog.so.1.0.0  libnfnetlink.la
>>    python2.6/
>> libnetfilter_log_libipulog.a         libnetfilter_log.so
>>    libnfnetlink.so
>> libnetfilter_log_libipulog.la        libnetfilter_log.so.1
>>    libnfnetlink.so.0
>> libnetfilter_log_libipulog.so        libnetfilter_log.so.1.1.0
>>    libnfnetlink.so.0.2.0
>> gakumar@krishna-desktop:~/PacketFilter/libnetfilter_log-1.0.0/utils$
>>
>> Hope its installed properly.
>> anything else I need to fix/check
>>
>
> You have to be root
>
> sudo ./nfulnl_test
>
>
>
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html