ipq_flush doesn't work with NF_ACCEPT?
Dan Good
nfdevel at gooddan.com
Tue Oct 11 20:42:22 CEST 2005
Hi everyone,
I'm new to the list and am looking for some help. I wanted to
try a scenario where, if the user space program reading the
queue died, the remaining packets in the queue would be accepted
instead of dropped. To that end, I made a small change to
ip_queue.c in __ipq_reset to change the arg to __ipq_flush
from NF_DROP to NF_ACCEPT (diff below, based on linux 2.6.12
version).
The result seems to be that, no matter how many packets are
in the queue, only the first one arrives at the destination.
Please, can anyone shed some light on this? Thanks.
--- ip_queue.c.bak Tue Oct 11 14:40:46 2005
+++ ip_queue.c Tue Oct 11 14:40:56 2005
@@ -169,13 +169,13 @@
static inline void
__ipq_reset(void)
{
peer_pid = 0;
net_disable_timestamp();
__ipq_set_mode(IPQ_COPY_NONE, 0);
- __ipq_flush(NF_DROP);
+ __ipq_flush(NF_ACCEPT);
}
static struct ipq_queue_entry *
ipq_find_dequeue_entry(ipq_cmpfn cmpfn, unsigned long data)
{
struct ipq_queue_entry *entry;
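Review bot: The switch from `__ipq_flush(NF_DROP)` to `__ipq_flush(NF_ACCEPT)` in `__ipq_reset()` is unconditional, so the queue goes from fail-closed to fail-open for every caller of `__ipq_reset()`. Any packet still queued when the reset runs is passed on without a userspace verdict. If the queue is used for filtering, a crash of the userspace reader then lets the backlog through uninspected. Consider keeping `NF_DROP` as the default and making the flush verdict selectable (for example through a module parameter, which would be new and is not part of this patch), and add a comment at the call explaining the choice. The hunk does not show `__ipq_flush()` itself, so whether reinjecting with `NF_ACCEPT` is valid at this point, after `peer_pid = 0` and `__ipq_set_mode(IPQ_COPY_NONE, 0)` have already run, has to be checked against that function. The reported symptom of only the first packet arriving should be investigated there.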