I am able to capture packets via QUEUE, but not ULOG.
I have these two rules:
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ULOG       0    --  anywhere             10.0.0.2            ULOG copy_range 0 nlgroup 1 queue_threshold 1
QUEUE      0    --  anywhere             10.0.0.1
And I'm running
libnetfilter_queue/utils/nfqnl_test
and
libnetfilter_log/utils/nfulnl_test
When I ping 10.0.0.1 I get
pkt received
hw_protocol=0x0000 hook=3 id=4 outdev=3 payload_len=84
entering callback
pkt received
hw_protocol=0x0000 hook=3 id=5 outdev=3 payload_len=84
from the nfqnl_test process.
When I ping 10.0.0.2 I get nothing from the nfulnl_test process.
When I run nfulnl_test I get this output
unbinding existing nf_log handler for AF_INET (if any)
binding nfnetlink_log to AF_INET
binding this socket to group 0
binding this socket to group 100
setting copy_packet mode
registering callback for group 0
going into main loop
The 100 and the zeros worry me a little, since the iptables end talks
about groups but limits them to the range 1-32.
What have I failed to understand about ULOG?
Thank you,
--
Brian Litzinger