ipq_read() error

ipq_read() error

[Sylvie Colin]

Hi all,
I am using libipq in a C++ program to intercept packets destined to a 
particular host at the Forward hook : the rule "iptables -A FORWARD -j 
QUEUE -d <IPdest>" is installed.
The program waits on multiple file descriptors using select() and, when 
input data gets available on the IPQ netlink socket, it gets the IP 
packet using ipq_read() and sets the verdict to NF_DROP. It works well 
except that sometimes ipq_read returns with the error IPQ_ERR_RECV 
"Failed to receive netlink message" and errno 105-ENOBUFS "no buffer 
space available". I've tried to change the kernel parameter 
net.ipv4.ip_queue_maxlen but it seems to have no effect: the entry 
/proc/net/ip_queue always shows a queue max length of 1024.
Environment: kernel 2.4.20, iptables[-devel]-1.2.6a
Could anyone explain me the reason of this error? Are any packets 
dropped when the error occurs? How can I solve it?
Thanks for help,
Sylvie


**************************************************************************************************
The contents of this email and any attachments are confidential.
It is intended for the named recipient(s) only.
If you have received this email in error please notify the system manager or  the 
sender immediately and do not disclose the contents to anyone or make copies.

** eSafe scanned this email for viruses, vandals and malicious content **
**************************************************************************************************

ipq_read error

[Peter.Muller]

Hello!

I'm using libipq's ipq_read function in a program to read packets that were
queued to userspace by a kernel module.

When I run the program as root everything is fine. ipq_read gets all the
queued messages. If the program is run with user privileges ipq_read fails.
ipq_get_msgerr(buf) returns 1 and ipq_errstr returns "Unknown error".

In the program I do the following:

[left out]

int status;
unsigned char buf[2048];
struct ipq_handle *h;
h = ipq_create_handle(0, PF_INET);
if (!h)
    die(h);

status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
if (status < 0)
    die(h);

status = ipq_read(h, buf, BUFSIZE, 0);
printf("Received packet!\n");
if (status < 0)
    die(h);
printf("Alive!\n");
switch (ipq_message_type(buf)) {
    case NLMSG_ERROR:
        fprintf(stderr, "Received error message %d\n",
            ipq_get_msgerr(buf));
        break;

[left out]

Does ipq_read really needs root privileges or are there other solutions? Any
help on this is appreciated.

Cheers
Peter




-- 
Lust, ein paar Euro nebenbei zu verdienen? Ohne Kosten, ohne Risiko!
Satte Provisionen für GMX Partner: http://www.gmx.net/de/go/partner

Re: ipq_read error

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 651 bytes --]

Hi,

Le jeudi 27 octobre 2005 à 12:08 +0200, Peter.Muller@gmx.at a écrit :
> Hello!
> 
> I'm using libipq's ipq_read function in a program to read packets that were
> queued to userspace by a kernel module.
> Does ipq_read really needs root privileges or are there other solutions? Any
> help on this is appreciated.

As the program is directly talking to the kernel, you need to be root to
be able to access libipq.

A standard solution is to switch to a given user as soon as you do not
need anymore root privileges.

BR,
-- 
Éric Leblond, eleblond@inl.fr
Téléphone : 01 44 89 46 40, Fax : 01 44 89 45 01
INL, http://www.inl.fr

[-- Attachment #2: Ceci est une partie de message numériquement signée --]
[-- Type: application/pgp-signature, Size: 189 bytes --]