search for: nfnetlink_queue

https://bugzilla.netfilter.org/show_bug.cgi?id=1066 Bug ID: 1066 Summary: nfq_get_timestamp() not setting timeval struc Product: libnetfilter_queue Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: libnetfilter_queue

...kgconfig/lib* | egrep "Ver|Name" Name: libmnl Version: 1.0.3 Name: libnetfilter_queue Version: 1.0.2 Name: libnfnetlink Version: 1.0.1 Name: libnftables Version: 1.0.0 [root at rh62-x86 utils]# pwd /root/ntest/libnetfilter_queue/utils insmod /lib/modules/`uname -r`/kernel/net/netfilter/nfnetlink_queue.ko [root at rh62-x86 utils]# lsmod Module Size Used by nfnetlink_queue 7851 0 installed Running nfqnl_test yields no captures: [root at rh62-x86 utils]# ./nfqnl_test opening library handle unbinding existing nf_queue handler for AF_INET (if any) binding nfnetlink_que...

...4 GNU/Linux Machine Info: 16 core machine with 64GB RAM. Command used for iptables in Centos 6.5 :- iptables -A INPUT -j NFQUEUE --queue-balance 0:1 Output In Centos 6.5 :- [varun at exp2 ~]$ ./queue0 opening library handle unbinding existing nf_queue handler for AF_INET (if any) binding nfnetlink_queue as nf_queue handler for AF_INET binding this socket to queue '0' setting copy_packet mode pkt received queue0 hw_protocol=0x0800 hook=1 id=0 hw_src_addr=fc:4d:d4:d3:7f:73 indev=2 payload_len=40 entering callback pkt received queue0 hw_protocol=0x0800 hook=1 id=1 hw_src_addr=fc:4d:d4:...

...ug.cgi?id=941 Summary: --queue-balance sending all traffic to queue 0 Product: netfilter/iptables Version: linux-2.6.x Platform: x86_64 OS/Version: other Status: NEW Severity: normal Priority: P5 Component: nfnetlink_queue AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: dnadle at hotmail.com Estimated Hours: 0.0 I have this forwarding rule in my iptables: -A FORWARD -j NFQUEUE --queue-balance 0:3 The queues are processed by Suricata. Suricata stats show no activity on queues 1:3...

...10 DS: 0000 ES: 0000 CR0: 0000000080050033 Jul 8 16:34:17 localhost kernel: [222252.785647] CR2: 0000561e9a330e8c CR3: 0000000403a10004 CR4: 00000000001606f0 Jul 8 16:34:17 localhost kernel: [222252.785648] Call Trace: Jul 8 16:34:17 localhost kernel: [222252.785654] ? nfqnl_reinject+0x38/0x50 [nfnetlink_queue] Jul 8 16:34:17 localhost kernel: [222252.785656] nfqnl_reinject+0x38/0x50 [nfnetlink_queue] Jul 8 16:34:17 localhost kernel: [222252.785658] nfqnl_recv_verdict+0x28d/0x4c0 [nfnetlink_queue] Jul 8 16:34:17 localhost kernel: [222252.785662] nfnetlink_rcv_msg+0x149/0x260 [nfnetlink] Jul 8 16:3...

...eue mechanism to modify packets on the wire that are sent from one domU to another while they travel over the dom0 bridge. This has worked fine as long as I was tinkering with UDP packets only - but when I try to reinject TCP frames with an increased length, I run into a BUG() because net/netfilter/nfnetlink_queue.c:nfqnl_mangle() calls skb_put() which requires the skb to be aligned, which it apparently isn''t in a Xen environment. I''ve ported my network scenario to a Usermode Linux setup and it''s working perfectly fine there, so I presume this has something to do with Xen''...

https://bugzilla.netfilter.org/show_bug.cgi?id=1742 Bug ID: 1742 Summary: using nfqueue breaks SCTP connection (tracking) Product: libnetfilter_queue Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: libnetfilter_queue Assignee:

...log-0.0.10.tar.bz2 This is the userspace library for nfnetlink_log in 2.6.14 It is used by the upcoming ulogd-2.00beta release Needs libnfnetlink-0.0.11 libnetfilter_queue-0.0.10 ftp://ftp.netfilter.org/pub/libnetfilter_queue/libnetfilter_queue-0.0.10.tar.bz2 This is the userspace library for nfnetlink_queue in 2.6.14 It is used by applications that traditionally used libipq NuFW already has a working port Needs libnfnetlink-0.0.11 libnetfilter_conntrack-0.0.20 ftp://ftp.netfilter.org/pub/libnetfilter_conntrack/libnetfilter_conntrack-0.0.20.tar.bz2 This is the userspace library for the ip_conntra...

Hi! The netfilter project proudly presents libnfnetlink 0.0.30 libnfnetlink is the low-level library for netfilter related kernel/userspace communication. It provides a generic messaging infrastructure for in-kernel netfilter subsystems (such as nfnetlink_log, nfnetlink_queue, nfnetlink_conntrack) and their respective users and/or management tools in userspace. You can download it from: http://www.netfilter.org/projects/libnfnetlink/downloads.html Pablo (on behalf of the Netfilter Project) -- "Ser? preciso viajar a trav?s de los ojos de los idiotas" -- Po...

http://bugzilla.netfilter.org/show_bug.cgi?id=600 Summary: ULOG target does not support --log-uid Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P1 Component: iptables AssignedTo: laforge at netfilter.org ReportedBy: dom at

...---------------------------------------------------- CC| |netfilter at linuxace.com --- Comment #7 from Phil Oester <netfilter at linuxace.com> 2013-07-02 01:23:33 CEST --- (In reply to comment #2) > Created attachment 299 [details] > augment nfnetlink_queue by socket creds Jan - some reason you didn't formally submit this patch? -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.

...------------------------------ Status|NEW |RESOLVED Resolution| |FIXED --- Comment #10 from Phil Oester <netfilter at linuxace.com> 2014-01-10 17:47:02 CET --- Support merged in net-next commit 08c0cad69f32a (netfilter: nfnetlink_queue: enable UID/GID socket info retrieval). -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.

...338 Bug ID: 1338 Summary: Can't add IPv6 concatenation rule Product: netfilter/iptables Version: unspecified Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: nfnetlink_queue Assignee: netfilter-buglog at lists.netfilter.org Reporter: abrian at netapp.com Attempting to add an ip6 address in a concatenation fails: nft add rule inet filter input ip6 saddr . udp dport fd20:332:332:0:250:56ff:fe87:f635 . 1662 counter accept <cmdline>:1:1-112: Err...

https://bugzilla.netfilter.org/show_bug.cgi?id=837 Summary: Large ICMP packets are lost Product: libnetfilter_queue Version: unspecified Platform: x86_64 OS/Version: other Status: NEW Severity: normal Priority: P5 Component: libnetfilter_queue AssignedTo: netfilter-buglog at lists.netfilter.org

...ia Netlink. * libmnl that provides basic communication infrastructure via Netlink, this library will supersede libnfnetlink. Still, we require both libraries as we are still in transition to entirely replace libnfnetlink by libmnl. * libnetfilter_log for stateless packet-based logging via nfnetlink_queue. * libnetfilter_conntrack for stateful flow-based via nf_conntrack_netlink. * libnetfilter_acct for flexible traffic accounting via nfnetlink_acct and iptables nfacct match (it requires Linux kernel >= 3.3.x). This requires a Linux kernel >= 2.6.14, but Linux kernel >= 2.6.18 is stron...

...vious URL ================================ Additional info: reporter: libreport-2.7.1 BUG: unable to handle kernel paging request at ffffc90000eb0000 IP: [<ffffffff813ec9ce>] iowrite32+0x2e/0x40 PGD 1b90a0067 PUD 1b90a1067 PMD bb976067 PTE 0 Oops: 0002 [#1] SMP Modules linked in: bnep nfnetlink_queue nfnetlink_log bluetooth rfkill xfs fuse xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_broute bridge stp llc ebtable_nat ip6table_mangle ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_security...

...exit (1); } printf ("unbinding existing nf_queue handler for AF_INET (if any)\n"); if (nfq_unbind_pf (h, AF_INET) < 0) { fprintf (stderr, "error during nfq_unbind_pf()\n"); exit (1); } printf ("binding nfnetlink_queue as nf_queue handler for AF_INET\n"); if (nfq_bind_pf (h, AF_INET) < 0) { fprintf (stderr, "error during nfq_bind_pf()\n"); exit (1); } printf ("binding this socket to queue '0'\n"); qh = nfq_create_queue (h,...

...k input priority filter; policy drop; iifname "lo" counter packets 22486 bytes 4101987 queue num 1-3 fanout . . . } I've attached dmesg output which shows failures of suricata run (squentially) with q1-3 and then with a single q4. `cat /proc/net/netfilter/nfnetlink_queue` 1 1286 0 2 65531 0 0 390 1 2 2382334644 0 2 65531 0 0 413 1 4 3099 0 2 65531 0 0 259 1 snort fails with: FATAL ERROR: Can't initialize DAQ nfq (-1) - nfq_daq_initialize: nf queue creation failed snort-2.9.16-1.fc31.x86_6...

...means to pass the packet to userspace. (How the packet can be received by a userspace process differs by the particular queue handler. 2.4.x and 2.6.x kernels up to 2.6.13 include the ip_queue queue handler. Kernels 2.6.14 and later additionally include the nfnetlink_queue queue handler. Packets with a target of QUEUE will be sent to queue number '0' in this case. Please also see the NFQUEUE target as described later in this man page.) RETURN means stop traversing this chain and resume at the next rule in the previous...

https://bugzilla.netfilter.org/show_bug.cgi?id=845 Summary: checking for LIBNFNETLINK... configure: error: Package requirements (libnfnetlink >= 0.0.41) were not met: Product: libnetfilter_queue Version: unspecified Platform: i386 OS/Version: RedHat Linux Status: NEW Severity: normal