* nfq_bind_pf() simultaneously in 2 separate programs?
@ 2011-01-10 20:31 Ajay Lele
2011-01-10 22:24 ` Eric Leblond
0 siblings, 1 reply; 4+ messages in thread
From: Ajay Lele @ 2011-01-10 20:31 UTC (permalink / raw)
To: netfilter
Hi All
I am using netfilter_queue library (version 1.0.0, nfnetlink version
1.0.0) to queue certain packets to user-space and it works great
Now I want to run 2 instances on this program simultaneously with each
program receiving and processing packets received on a different
queue. The 1st instance of program runs fine, but call to
nfq_unbind_pf()/nfq_bind_pf() for AF_INET fail in the 2nd instance
Is it not possible to use netfilter_queue APIs simultaneously in 2
programs when each one of them is listening to a separate queue? Any
other approach which can be used to get this to work? - I don't want
to merge the processing of packets on the 2 queues into a single
program
Thanks in advance
Regards
Ajay
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: nfq_bind_pf() simultaneously in 2 separate programs?
2011-01-10 20:31 nfq_bind_pf() simultaneously in 2 separate programs? Ajay Lele
@ 2011-01-10 22:24 ` Eric Leblond
2011-01-10 23:36 ` Ajay Lele
0 siblings, 1 reply; 4+ messages in thread
From: Eric Leblond @ 2011-01-10 22:24 UTC (permalink / raw)
To: Ajay Lele; +Cc: netfilter
[-- Attachment #1: Type: text/plain, Size: 1411 bytes --]
Hello,
Le lundi 10 janvier 2011 à 12:31 -0800, Ajay Lele a écrit :
> Hi All
>
> I am using netfilter_queue library (version 1.0.0, nfnetlink version
> 1.0.0) to queue certain packets to user-space and it works great
>
> Now I want to run 2 instances on this program simultaneously with each
> program receiving and processing packets received on a different
> queue. The 1st instance of program runs fine, but call to
> nfq_unbind_pf()/nfq_bind_pf() for AF_INET fail in the 2nd instance
>
> Is it not possible to use netfilter_queue APIs simultaneously in 2
> programs when each one of them is listening to a separate queue? Any
> other approach which can be used to get this to work? - I don't want
> to merge the processing of packets on the 2 queues into a single
> program
nfq_bind_pf() call is linking the kernel nf_queue capability with the
nfnetlink_queue module for a given protocol. This has only to be done
once on a system (as nfnetlink_queue is the only userspace queuing
module for now).
Thus your program can simply ignore the return on nfq_[un]bind_pf()
function.
BR,
>
> Thanks in advance
>
> Regards
> Ajay
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Eric Leblond <eric@regit.org>
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 190 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: nfq_bind_pf() simultaneously in 2 separate programs?
2011-01-10 22:24 ` Eric Leblond
@ 2011-01-10 23:36 ` Ajay Lele
2011-01-11 2:01 ` Eric Leblond
0 siblings, 1 reply; 4+ messages in thread
From: Ajay Lele @ 2011-01-10 23:36 UTC (permalink / raw)
To: Eric Leblond; +Cc: netfilter
On Mon, Jan 10, 2011 at 2:24 PM, Eric Leblond <eric@regit.org> wrote:
> Hello,
>
> Le lundi 10 janvier 2011 à 12:31 -0800, Ajay Lele a écrit :
>> Hi All
>>
>> I am using netfilter_queue library (version 1.0.0, nfnetlink version
>> 1.0.0) to queue certain packets to user-space and it works great
>>
>> Now I want to run 2 instances on this program simultaneously with each
>> program receiving and processing packets received on a different
>> queue. The 1st instance of program runs fine, but call to
>> nfq_unbind_pf()/nfq_bind_pf() for AF_INET fail in the 2nd instance
>>
>> Is it not possible to use netfilter_queue APIs simultaneously in 2
>> programs when each one of them is listening to a separate queue? Any
>> other approach which can be used to get this to work? - I don't want
>> to merge the processing of packets on the 2 queues into a single
>> program
>
> nfq_bind_pf() call is linking the kernel nf_queue capability with the
> nfnetlink_queue module for a given protocol. This has only to be done
> once on a system (as nfnetlink_queue is the only userspace queuing
> module for now).
>
> Thus your program can simply ignore the return on nfq_[un]bind_pf()
> function.
Thanks Eric for your quick reply
I tried ignoring the return from nfq_[un]bind_pf() but
nfq_create_queue() fails with return value NULL. Target machine is
running CentOS 5.3
Regards
Ajay
>
> BR,
>
>>
>> Thanks in advance
>>
>> Regards
>> Ajay
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
> --
> Eric Leblond <eric@regit.org>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: nfq_bind_pf() simultaneously in 2 separate programs?
2011-01-10 23:36 ` Ajay Lele
@ 2011-01-11 2:01 ` Eric Leblond
0 siblings, 0 replies; 4+ messages in thread
From: Eric Leblond @ 2011-01-11 2:01 UTC (permalink / raw)
To: Ajay Lele; +Cc: netfilter
[-- Attachment #1: Type: text/plain, Size: 2350 bytes --]
Hi,
Le lundi 10 janvier 2011 à 15:36 -0800, Ajay Lele a écrit :
> On Mon, Jan 10, 2011 at 2:24 PM, Eric Leblond <eric@regit.org> wrote:
> > Hello,
> >
> > Le lundi 10 janvier 2011 à 12:31 -0800, Ajay Lele a écrit :
> >> Hi All
> >>
> >> I am using netfilter_queue library (version 1.0.0, nfnetlink version
> >> 1.0.0) to queue certain packets to user-space and it works great
> >>
> >> Now I want to run 2 instances on this program simultaneously with each
> >> program receiving and processing packets received on a different
> >> queue. The 1st instance of program runs fine, but call to
> >> nfq_unbind_pf()/nfq_bind_pf() for AF_INET fail in the 2nd instance
> >>
> >> Is it not possible to use netfilter_queue APIs simultaneously in 2
> >> programs when each one of them is listening to a separate queue? Any
> >> other approach which can be used to get this to work? - I don't want
> >> to merge the processing of packets on the 2 queues into a single
> >> program
> >
> > nfq_bind_pf() call is linking the kernel nf_queue capability with the
> > nfnetlink_queue module for a given protocol. This has only to be done
> > once on a system (as nfnetlink_queue is the only userspace queuing
> > module for now).
> >
> > Thus your program can simply ignore the return on nfq_[un]bind_pf()
> > function.
>
> Thanks Eric for your quick reply
>
> I tried ignoring the return from nfq_[un]bind_pf() but
> nfq_create_queue() fails with return value NULL. Target machine is
> running CentOS 5.3
NFQ initialisation in NuFW is working fine since some years now. You can
find it here:
https://nufw.edenwall.com/projects/nufw/repository/revisions/master/entry/src/nufw/packetsrv.c#L219
BR,
>
> Regards
> Ajay
>
> >
> > BR,
> >
> >>
> >> Thanks in advance
> >>
> >> Regards
> >> Ajay
> >> --
> >> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> >> the body of a message to majordomo@vger.kernel.org
> >> More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
> > --
> > Eric Leblond <eric@regit.org>
> >
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Eric Leblond <eric@regit.org>
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 190 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-01-11 2:01 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-01-10 20:31 nfq_bind_pf() simultaneously in 2 separate programs? Ajay Lele
2011-01-10 22:24 ` Eric Leblond
2011-01-10 23:36 ` Ajay Lele
2011-01-11 2:01 ` Eric Leblond
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox