Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. iptables>
  3. User
Netfilter_queue test program question
acristin at gmail
Aug 29, 2007, 1:13 AM
Post #1 of 4 (4431 views)
Permalink
I've been attempting to play with netfilter_queue to see how effective
a certain similarity hashing technique would work for identifying
parts of documents being sent out over the network, but I haven't had
much progress even getting the test program to work.

I can compile and link nfq_test.c fine, using both the old versions of
libnfnetfiler and libnetfilter_queue available from ubuntu's apt, and
by using the newest released versions compiled from source.

However, in any case when I run the compiled nfq_test, the program
seems to do nothing after setting the packet copy mode. So it seems
to me as if it is perpetually waiting for a packet to be sent over the
netlink, but one never arrives, no matter how much network traffic I
have.

Am I missing some vital piece of setup? When I run nfq_test, there
are two netfilter modules loaded. Should there be more? Do they need
to be configured somehow? Is this the expected behavior?

I have tested this both on my ubuntu install and on a friend's debian,
both machines exhibit the same behavior. Any help is certainly
appreciated.
Re: Netfilter_queue test program question [ In reply to ]
swifty at freemail
Aug 29, 2007, 2:42 AM
Post #2 of 4 (4251 views)
Permalink
Andy Cristina írta:
> I've been attempting to play with netfilter_queue to see how effective
> a certain similarity hashing technique would work for identifying
> parts of documents being sent out over the network, but I haven't had
> much progress even getting the test program to work.
Just a few questions:

- Why do you want to do such things?
- How would you come over on the compressed files, MIME encodings?
- Are you attempting to stop some information thiefing?
> I can compile and link nfq_test.c fine, using both the old versions of
> libnfnetfiler and libnetfilter_queue available from ubuntu's apt, and
> by using the newest released versions compiled from source.
>
> However, in any case when I run the compiled nfq_test, the program
> seems to do nothing after setting the packet copy mode. So it seems
> to me as if it is perpetually waiting for a packet to be sent over the
> netlink, but one never arrives, no matter how much network traffic I
> have.
>
> Am I missing some vital piece of setup? When I run nfq_test, there
> are two netfilter modules loaded. Should there be more? Do they need
> to be configured somehow? Is this the expected behavior?
>
> I have tested this both on my ubuntu install and on a friend's debian,
> both machines exhibit the same behavior. Any help is certainly
> appreciated.
>
>
Swifty
Re: Netfilter_queue test program question [ In reply to ]
acristin at gmail
Aug 29, 2007, 6:21 AM
Post #3 of 4 (4241 views)
Permalink
On 8/29/07, Gáspár Lajos <swifty@freemail.hu> wrote:
> Andy Cristina írta:
> > I've been attempting to play with netfilter_queue to see how effective
> > a certain similarity hashing technique would work for identifying
> > parts of documents being sent out over the network, but I haven't had
> > much progress even getting the test program to work.
> Just a few questions:
>
> - Why do you want to do such things?
> - How would you come over on the compressed files, MIME encodings?
> - Are you attempting to stop some information thiefing?
> > I can compile and link nfq_test.c fine, using both the old versions of
> > libnfnetfiler and libnetfilter_queue available from ubuntu's apt, and
> > by using the newest released versions compiled from source.
> >
> > However, in any case when I run the compiled nfq_test, the program
> > seems to do nothing after setting the packet copy mode. So it seems
> > to me as if it is perpetually waiting for a packet to be sent over the
> > netlink, but one never arrives, no matter how much network traffic I
> > have.
> >
> > Am I missing some vital piece of setup? When I run nfq_test, there
> > are two netfilter modules loaded. Should there be more? Do they need
> > to be configured somehow? Is this the expected behavior?
> >
> > I have tested this both on my ubuntu install and on a friend's debian,
> > both machines exhibit the same behavior. Any help is certainly
> > appreciated.
> >
> >
> Swifty
>
>
>
Re: Netfilter_queue test program question [ In reply to ]
acristin at gmail
Aug 29, 2007, 10:57 AM
Post #4 of 4 (4265 views)
Permalink
> However, in any case when I run the compiled nfq_test, the program
> seems to do nothing after setting the packet copy mode. So it seems
> to me as if it is perpetually waiting for a packet to be sent over the
> netlink, but one never arrives, no matter how much network traffic I
> have.
>
> Am I missing some vital piece of setup? When I run nfq_test, there
> are two netfilter modules loaded. Should there be more? Do they need
> to be configured somehow? Is this the expected behavior?
>
> I have tested this both on my ubuntu install and on a friend's debian,
> both machines exhibit the same behavior. Any help is certainly
> appreciated.

It is amazing what a good night's sleep does to improve your ability
to read and comprehend. I was, of course, forgetting to setup an
iptable rule to queue packets, so now I can proceed.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal