nfq_unbind_pf() fails with kernel 2.6.23

nfq_unbind_pf() fails with kernel 2.6.23

[S. Sakar]

[-- Attachment #1: Type: text/plain, Size: 349 bytes --]

hi,
I don't seem to be able to run the nfqnl_test code with kernel 2.6.23
(amd64).
It prints the following:

>opening library handle
>unbinding existing nf_queue handler for AF_INET (if any)
>NFNETLINK answers: Invalid argument
>error during nfq_unbind_pf()

The version that are used:
libnfnetlink 0.0.25
libnetfilter-queue 0.0.13

regards
Serkan


[-- Attachment #2: nfqnl_test.c --]
[-- Type: text/x-csrc, Size: 2532 bytes --]


#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netinet/in.h>
#include <linux/netfilter.h>		/* for NF_ACCEPT */

#include <libnetfilter_queue/libnetfilter_queue.h>

/* returns packet id */
static u_int32_t print_pkt (struct nfq_data *tb)
{
	int id = 0;
	struct nfqnl_msg_packet_hdr *ph;
	u_int32_t mark,ifi; 
	int ret;
	char *data;
	
	ph = nfq_get_msg_packet_hdr(tb);
	if (ph){
		id = ntohl(ph->packet_id);
		printf("hw_protocol=0x%04x hook=%u id=%u ",
			ntohs(ph->hw_protocol), ph->hook, id);
	}
	
	mark = nfq_get_nfmark(tb);
	if (mark)
		printf("mark=%u ", mark);

	ifi = nfq_get_indev(tb);
	if (ifi)
		printf("indev=%u ", ifi);

	ifi = nfq_get_outdev(tb);
	if (ifi)
		printf("outdev=%u ", ifi);

	ret = nfq_get_payload(tb, &data);
	if (ret >= 0)
		printf("payload_len=%d ", ret);

	fputc('\n', stdout);

	return id;
}
	

static int cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
	      struct nfq_data *nfa, void *data)
{
	u_int32_t id = print_pkt(nfa);
	printf("entering callback\n");
	return nfq_set_verdict(qh, id, NF_ACCEPT, 0, NULL);
}

int main(int argc, char **argv)
{
	struct nfq_handle *h;
	struct nfq_q_handle *qh;
	struct nfnl_handle *nh;
	int fd;
	int rv;
	char buf[4096];

	printf("opening library handle\n");
	h = nfq_open();
	if (!h) {
		fprintf(stderr, "error during nfq_open()\n");
		exit(1);
	}

	printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
	if (nfq_unbind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error during nfq_unbind_pf()\n");
		exit(1);
	}

	printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
	if (nfq_bind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error during nfq_bind_pf()\n");
		exit(1);
	}

	printf("binding this socket to queue '0'\n");
	qh = nfq_create_queue(h,  0, &cb, NULL);
	if (!qh) {
		fprintf(stderr, "error during nfq_create_queue()\n");
		exit(1);
	}

	printf("setting copy_packet mode\n");
	if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
		fprintf(stderr, "can't set packet_copy mode\n");
		exit(1);
	}

	nh = nfq_nfnlh(h);
	fd = nfnl_fd(nh);

	while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0) {
		printf("pkt received\n");
		nfq_handle_packet(h, buf, rv);
	}

	printf("unbinding from queue 0\n");
	nfq_destroy_queue(qh);

#ifdef INSANE
	/* normally, applications SHOULD NOT issue this command, since
	 * it detaches other programs/sockets from AF_INET, too ! */
	printf("unbinding from AF_INET\n");
	nfq_unbind_pf(h, AF_INET);
#endif

	printf("closing library handle\n");
	nfq_close(h);

	exit(0);
}

Re: nfq_unbind_pf() fails with kernel 2.6.23

[Patrick McHardy]

S. Sakar wrote:
> hi,
> I don't seem to be able to run the nfqnl_test code with kernel 2.6.23
> (amd64).
> It prints the following:
> 
>> opening library handle
>> unbinding existing nf_queue handler for AF_INET (if any)
>> NFNETLINK answers: Invalid argument
>> error during nfq_unbind_pf()


Yeah, we've added a check to prohibit unregistering other handlers.
The entire unregistration stuff is a horrible hack, the only reason
why it (still) exists is because registration of the same handler
returns EEXIST instead of silently ignoring it. The best fix for
now is to ignore the return value of nfq_unbind_pf().

Re: nfq_unbind_pf() fails with kernel 2.6.23

[S. Sakar]

Patrick McHardy schrieb:
> The best fix for
> now is to ignore the return value of nfq_unbind_pf().
> 

Thanks