I've recently been exploring l7-filter-userspace. Using the default configuration file shipped in the package, running l7-filter -f <configfile> -v -v -v -v produces this output:
unbinding existing nf_queue handler for AF_INET (if any)
binding nfnetlink_queue as nf_queue handler for AF_INET
binding this socket to queue '0'
setting copy_packet mode
Then it just stops. Looking at the program, it blocks in void l7_queue::start(int queuenum):
...
l7printf(3, "setting copy_packet mode\n");
if(nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
    cerr << "can't set packet_copy mode\n";
    exit(1);
}
nh = nfq_nfnlh(h);
fd = nfnl_fd(nh);
// this is the main loop
while (true){
    while ((rv = recv(fd, buf, sizeof(buf), 0)) && rv >= 0)
        nfq_handle_packet(h, buf, rv);
...
That is, the recv() call blocks. My understanding is that l7-filter is not receiving the packets iptables sends to it.
I've also spent a long time going through the iptables configuration, but since I haven't had much to do with iptables before I still have no idea. Here is the iptables configuration:
[root@fedora7 sysconfig]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -j NFQUEUE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT

[root@fedora7 sysconfig]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
NFQUEUE    0    --  anywhere             anywhere            NFQUEUE num 0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
The log file contains output like this:
Jan 30 16:20:28 fedora7 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Jan 30 16:23:09 fedora7 kernel: ip_conntrack version 2.4 (4090 buckets, 32720 max) - 196 bytes per conntrack
Jan 30 16:23:09 fedora7 kernel: ctnetlink v0.90: registering with nfnetlink.
The machine has two network cards:
[root@fedora7 sysconfig]# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:08:A1:05:24:B5
          inet addr:192.168.5.200  Bcast:192.168.5.255  Mask:255.255.255.0
          inet6 addr: fe80::208:a1ff:fe05:24b5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:208405 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40379 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:23832515 (22.7 MiB)  TX bytes:15146954 (14.4 MiB)
          Interrupt:11 Base address:0xd800

eth1      Link encap:Ethernet  HWaddr 00:08:A1:05:22:9F
          inet addr:192.168.5.254  Bcast:192.168.5.255  Mask:255.255.255.0
          inet6 addr: fe80::208:a1ff:fe05:229f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6785040 errors:0 dropped:0 overruns:0 frame:0
          TX packets:823 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3537398437 (3.2 GiB)  TX bytes:41836 (40.8 KiB)
          Interrupt:9 Base address:0xd400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4138 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4138 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:23549732 (22.4 MiB)  TX bytes:23549732 (22.4 MiB)
eth0 is connected to the switch's mirror output port (though you can also log in via that address); eth1 is the management port, and you can log in via that address too.
Could you help me work out which step the problem is most likely in? Thanks.
[ This post was last edited by digex on 2008-1-30 16:35 ]
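The recv() loop in the post blocks because nothing arrives on the nfnetlink socket, and the path a packet must take to get there has three hops that can each be checked independently: the FORWARD chain is traversed only by packets the host actually routes between its interfaces (so net.ipv4.ip_forward matters), the NFQUEUE rule's packet counter shows whether any packet has reached the rule at all, and /proc/net/netfilter/nfnetlink_queue lists which queue numbers currently have a userspace listener bound, together with the copy mode and copy range that nfq_set_mode requested. The script below is an added example written for this page; it is not part of l7-filter or of the poster's setup. The iptables and proc-file text in it is constructed sample data, and the column layout assumed for nfnetlink_queue is the one exposed by the kernel's nfnetlink_queue module (queue number, peer netlink port id, queue length, copy mode, copy range, kernel drops, user drops, id sequence).

```shell
#!/bin/sh
# Added example for this page (not l7-filter code): checks each hop of the
# iptables FORWARD -> NFQUEUE -> userspace path that the post's recv() loop
# depends on. The SAMPLE_* values below are constructed, not captured output.

# Packet counter of the first NFQUEUE rule in the FORWARD chain, as listed by
# `iptables -L FORWARD -v -n -x` (columns: pkts bytes target ...). Prints "none"
# when no NFQUEUE rule exists. A counter that stays at 0 means no packet is
# being routed through this host, so the queue has nothing to deliver.
nfqueue_forward_pkts() {
    printf '%s\n' "$1" | awk '
        /^Chain/ || /^ *pkts/ { next }
        $3 == "NFQUEUE"      { print $1; found = 1; exit }
        END { if (!found) print "none" }'
}

# Netlink port id of the process bound to queue $2, read from the text of
# /proc/net/netfilter/nfnetlink_queue (columns: queue_num peer_portid
# queue_total copy_mode copy_range queue_dropped user_dropped id_sequence 1).
# Only queues with a bound listener are listed; prints "unbound" otherwise.
nfqueue_peer() {
    printf '%s\n' "$1" | awk -v q="$2" '
        NF >= 2 && $1 == q { print $2; found = 1; exit }
        END { if (!found) print "unbound" }'
}

# Combine the three observations; returns the number of problems found.
diagnose() {
    ipf=$1; ipt=$2; nfq=$3
    issues=0
    if [ "$ipf" != "1" ]; then
        echo "ip_forward=$ipf: the host routes nothing, so no packet traverses FORWARD"
        issues=$((issues + 1))
    fi
    pkts=$(nfqueue_forward_pkts "$ipt")
    case "$pkts" in
        none) echo "no NFQUEUE rule in FORWARD"; issues=$((issues + 1)) ;;
        0)    echo "NFQUEUE rule present but its packet counter is 0"; issues=$((issues + 1)) ;;
        *)    echo "NFQUEUE rule has matched $pkts packets" ;;
    esac
    peer=$(nfqueue_peer "$nfq" 0)
    if [ "$peer" = "unbound" ]; then
        echo "nothing is bound to queue 0; queued packets are dropped until a listener binds"
        issues=$((issues + 1))
    else
        echo "queue 0 is bound by netlink port id $peer"
    fi
    return "$issues"
}

# Constructed sample data: forwarding off, rule present but idle, a listener
# bound to queue 0 in copy-packet mode (copy_mode 2, copy_range 65535, which is
# the 0xffff passed to nfq_set_mode in the post's code).
SAMPLE_IPT='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            NFQUEUE num 0'
SAMPLE_NFQ='    0  12345     0 2 65535     0     0        0  1'

if [ "${1:-}" = "--live" ]; then
    # On the box itself (as root): read the live values instead of the samples.
    diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" \
             "$(iptables -L FORWARD -v -n -x)" \
             "$(cat /proc/net/netfilter/nfnetlink_queue 2>/dev/null)"
else
    diagnose 0 "$SAMPLE_IPT" "$SAMPLE_NFQ" || echo "problems found: $?"
fi
```

Run it with --live on the host as root to replace the samples with real values. The counter check is the decisive one: frames that merely arrive on a mirror port, addressed to other hosts, are neither delivered locally nor routed by the kernel, so they never traverse any iptables chain, and the NFQUEUE rule's counter stays at zero no matter how much traffic the interface receives. A listener that is bound (queue 0 shown in the proc file with copy_mode 2) but sees nothing is therefore consistent with the rule simply never matching.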