FW: QUEUE problem on RH-E-WS-4

FW: QUEUE problem on RH-E-WS-4

[Michael D. Berger]

In:
   /usr/src/kernels/2.6.9-5.EL-i686/.config
I find:
   CONFIG_IP_NF_QUEUE=m

where other items have "=y" instrad of "=m".
Might this be related to my problem?  Do I
have to recompile the kernel?
Thanks,
Mike.

--
Michael D. Berger
m.d.berger@ieee.org 

> -----Original Message-----
> From: netfilter-bounces@lists.netfilter.org 
> [mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of 
> Michael D. Berger
> Sent: Saturday, May 07, 2005 2:44 PM
> To: netfilter
> Subject: QUEUE problem on RH-E-WS-4
> 
> 
> Using RH-E-WS-4 that has kernel kernel-2.6.9-5.EL,
> all freshly installed, I downloaded and installed
> iptables-1.3.1 using the install script shown below.
> 
> I wrote the simple test program below, following
> man libipq.
> 
> When I run it, and then send pings from another
> box, the program prints "started", and nothing
> else, indicating that the ipq_read never returns.
> The pings get no response.  I note that if I
> change QUEUE to ACCEPT in the iptables -A, the
> pings respond appropriately.
> 
> Advice would be much appreciated.
> 
> Mike.
> 
> --
> Michael D. Berger
> m.d.berger@ieee.org 
> --
> 
> *** install script ***
> 
> make KERNEL_DIR=/usr/src BINDIR=/usr/bin LIBDIR=/usr/lib
> MANDIR=/usr/share/man
> make install KERNEL_DIR=/usr/src BINDIR=/usr/bin LIBDIR=/usr/lib
> MANDIR=/usr/share/man install
> make install KERNEL_DIR=/usr/src BINDIR=/usr/bin LIBDIR=/usr/lib
> MANDIR=/usr/share/man install-devel
> 
> *** start sequence ***
> 
> modprobe iptable_filter
> modprobe ip_queue
> iptables -A OUTPUT -p icmp -j QUEUE
> netqueue # the name of my program
> 
> *** iptables-save output ***
> 
> # Generated by iptables-save v1.2.11 on Sat May  7 14:03:44 2005
> *filter
> :INPUT ACCEPT [30:6804]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [46:5164]
> -A OUTPUT -p icmp -j QUEUE 
> COMMIT
> # Completed on Sat May  7 14:03:44 2005
> 
> *** code ***
> 
> // netqueue.c 05/07/05
> 
> #include <linux/netfilter.h>
> #include <libipq.h>
> #include <stdio.h>
> 
> #define BUFSIZE 2048
> 
> static void die (struct ipq_handle *hand)
> {
>    ipq_perror("passer");
>    ipq_destroy_handle(hand);
>    exit(1);
> }
> 
> int main(int argc, char* argv[])
> {
>    int                     status;
>    unsigned char           buf[BUFSIZE];
>    struct ipq_handle*   	ipqHand;
> 
> 	ipqHand = ipq_create_handle(0,PF_INET);
> 
> 	if (ipqHand == 0)
> 		die(ipqHand);
> 
> 	int cnt = 0;
> 	while (cnt++ < 3)
> 	{
> 		fprintf(stderr,"started\n");
> 		status = ipq_read(ipqHand,buf,BUFSIZE,0);
> 		fprintf(stderr,"read\n");
> 
> 		if (status < 0)
> 			die(ipqHand);
> 
> 		switch(ipq_message_type(buf))
> 		{
> 			case NLMSG_ERROR:
> 				fprintf(stderr,"Error msg:
> %s\n",ipq_get_msgerr(buf));
> 			break;
> 
> 			default:
>          {
>             ipq_packet_msg_t*    msg = ipq_get_packet(buf);
> 				fprintf (stderr,"Type =
> %d\n",ipq_message_type(buf));
>             status = ipq_set_verdict(ipqHand,msg->packet_id,
>                         NF_ACCEPT,0,NULL);
>             if (status < 0)
>                die(ipqHand);
>          }
> 		};
> 	}
> 
> 	ipq_destroy_handle(ipqHand);
>    return 0;
> }
> 
> 
> 
> 

Re: FW: QUEUE problem on RH-E-WS-4

[Taylor, Grant]

Michael D. Berger wrote:
> In:
>    /usr/src/kernels/2.6.9-5.EL-i686/.config
> I find:
>    CONFIG_IP_NF_QUEUE=m
> 
> where other items have "=y" instrad of "=m".
> Might this be related to my problem?  Do I
> have to recompile the kernel?
> Thanks,
> Mike.

All the "=m" means is that the NF_QUEUE code was compiled as a module and would need to be insmod(ed) or modprobe(ed) before you could use it to make sure that the kernel has the module loaded.  Sorry, I can't help you with libipq directly as I know nothing about it.  :(



Grant. . . .