<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html; charset=ISO-8859-1"
 http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 09/22/2010 07:54 AM, Tomas Heredia wrote:
<blockquote cite="mid:4C99EE8E.3030001@...14897..." type="cite">
I can't try it right now, but if I recall right, nfnetlink_queue and
ip_queue do the same thing, and shouldn't be loaded together.<br>
Try unloading ip_queue (but keeping nfnetlink_queue)<br>
  <br>
  <br>
On 21/09/2010 04:47 p.m., spiderslack wrote:
  <blockquote cite="mid:4C990BE9.8070403@...6873..." type="cite">
On 09/21/2010 03:34 PM, Tomas Heredia wrote:
    <blockquote cite="mid:4C9908E3.3000300@...14897..." type="cite">That
gave me a hint... I'm recalling from past failures :-)<br>
Did you "modprobe ip_queue"?<br>
Could you post your "lsmod"?</blockquote>
    <br>
  </blockquote>
</blockquote>
Hi Tomas<br>
<br>
<span id="result_box" class="long_text"><span
 style="background-color: rgb(255, 255, 255);" title="">I managed to
compile the C code from the following page.<br>
<br>
</span><span style="background-color: rgb(255, 255, 255);" title=""><a class="moz-txt-link-freetext" href="http://www.nufw.org/doc/libnetfilter_queue/nfqnl__test_8c-source.html">http://www.nufw.org/doc/libnetfilter_queue/nfqnl__test_8c-source.html</a><br>
<br>
</span><span style="background-color: rgb(255, 255, 255);" title="">It handles
the packet and generates an NF_ACCEPT. It was compiled with the following
command.<br>
<br>
</span><span style="background-color: rgb(255, 255, 255);" title="">root@...14985...:~/libnetfilter_queue#
gcc test1.c -o test1 -lnetfilter_queue<br>
<br>
</span><span style="background-color: rgb(255, 255, 255);" title="">After
compiling, run the firewall rules below and run snort.<br>
<br>
<br>
</span><span title="">Create the iptables rules:<br>
<br>
</span><span style="background-color: rgb(255, 255, 255);" title="">root@birth:~#
iptables -t filter -I FORWARD -p tcp --dport 3389 -j QUEUE<br>
</span><span style="background-color: rgb(255, 255, 255);" title="">root@birth:~#
iptables -t filter -I FORWARD -p tcp --sport 3389 -j QUEUE<br>
<br>
</span><span title="">Snort running:<br>
</span><span title=""><br>
root@...14985...:~# ps ax | grep snort<br>
24608 ?        Ss     0:00 /usr/sbin/snort -m 027 -D -Q -l
/var/log/snort -u snort -g snort -c /etc/snort/snort.conf<br>
root@...14985...:~# <br>
<br>
</span><span style="background-color: rgb(255, 255, 255);" title="">And
the nfnetlink_queue module is loaded. Without running the compiled code,
terminal service does not work; if I run the binary, the terminal
service connection works.<br>
<br>
root@...14985...:~/libnetfilter_queue# ./test1 <br>
opening library handle<br>
unbinding existing nf_queue handler for AF_INET (if any)<br>
binding nfnetlink_queue as nf_queue handler for AF_INET<br>
binding this socket to queue '0'<br>
setting copy_packet mode<br>
pkt received<br>
hw_protocol=0x0800 hook=2 id=0 indev=4 outdev=4 payload_len=60 <br>
entering callback<br>
pkt received<br>
hw_protocol=0x0800 hook=2 id=1 indev=4 outdev=4 payload_len=52 <br>
entering callback<br>
pkt received<br>
hw_protocol=0x0800 hook=2 id=2 indev=4 outdev=4 payload_len=96 <br>
entering callback<br>
pkt received<br>
hw_protocol=0x0800 hook=2 id=3 indev=4 outdev=4 payload_len=458 <br>
entering callback<br>
pkt received<br>
^C<br>
root@...14985...:~/libnetfilter_queue# <br>
<br>
<br>
</span><span style="background-color: rgb(255, 255, 255);" title="">I
tried to compile the code using libipq only. </span><span title="">It generates
the error below.<br>
<br>
</span><span title="">root@...14985...:~# gcc test_libipq.c -o
test_libipq -lipq<br>
In file included from test_libipq.c:2:<br>
/usr/include/linux/netfilter.h:55: error: field ‘in’ has incomplete type<br>
/usr/include/linux/netfilter.h:56: error: field ‘in6’ has incomplete
type<br>
test_libipq.c: In function ‘die’:<br>
test_libipq.c:32: warning: incompatible implicit declaration of
built-in function ‘exit’<br>
root@...14985...:~#<br>
<br>
</span><span title=""><br>
</span><span title="">I believe that the latest kernel uses
libnetfilter_queue and snort still uses libipq; I see no other answer. </span><span
 style="background-color: rgb(255, 255, 255);" title="">To complete my
tests I will test in yet another distribution, but if you have any
tips or anything that could help me, I thank you.</span></span><br>
<br>
Regards<br>
</body>
</html>