[Bug 941] New: --queue-balance sending all traffic to queue 0
bugzilla-daemon at netfilter.org
Mon May 19 04:46:08 CEST 2014
https://bugzilla.netfilter.org/show_bug.cgi?id=941
Summary: --queue-balance sending all traffic to queue 0
Product: netfilter/iptables
Version: linux-2.6.x
Platform: x86_64
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: nfnetlink_queue
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: dnadle at hotmail.com
Estimated Hours: 0.0
I have this forwarding rule in my iptables:
-A FORWARD -j NFQUEUE --queue-balance 0:3
The queues are processed by Suricata. Suricata stats show no activity on queues
1:3. Also, /proc/net/netfilter/nfnetlink_queue looks like this soon after a
reboot:
$ sudo cat /proc/net/netfilter/nfnetlink_queue
0 2010 0 2 65535 0 0 92116 1
1 -4195 0 2 65535 0 0 0 1
2 -4196 0 2 65535 0 0 0 1
3 -4197 0 2 65535 0 0 0 1
If instead I set rules like:
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j NFQUEUE --queue-num 0
-A FORWARD -i eth1 -o eth0 -j NFQUEUE --queue-num 1
Suricata stats.log and /proc/net/netfilter/nfnetlink_queue report activity on
both queues. I can't find any previous report of this issue online. Please
advise.
Additional information:
OS: CentOS 6.5
Kernel: 2.6.32-431.17.1.el6.x86_64
iptables: 1.4.7-11.el6
libnetfilter_queue: 0.0.15-1
libnfnetlink: 1.0.0-1.el6
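An added example, not part of the original report or of any netfilter or Suricata code: a small Python check that parses /proc/net/netfilter/nfnetlink_queue and reports which queues in a --queue-balance range are bound but have never received a packet. The column names are my own labels for the nine fields the kernel prints, and SAMPLE is the output quoted in the report above.

```python
from collections import namedtuple

# Labels (assumed names) for the nine columns the kernel prints, in order.
QueueStat = namedtuple(
    "QueueStat",
    "queue_num peer_portid queue_total copy_mode copy_range "
    "queue_dropped user_dropped id_sequence reserved",
)

# The /proc output quoted in the report above.
SAMPLE = """\
0 2010 0 2 65535 0 0 92116 1
1 -4195 0 2 65535 0 0 0 1
2 -4196 0 2 65535 0 0 0 1
3 -4197 0 2 65535 0 0 0 1
"""

def parse_queues(text):
    """Return {queue_num: QueueStat}; malformed lines are skipped."""
    stats = {}
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != len(QueueStat._fields):
            continue
        try:
            q = QueueStat(*map(int, cols))
        except ValueError:
            continue
        stats[q.queue_num] = q
    return stats

def balance_report(stats, first, last):
    """Check the range given to --queue-balance first:last.

    unbound: queues with no listener (absent from the proc file)
    idle:    bound queues that saw no packets while another queue did
    shares:  fraction of all queued packets per bound queue (id_sequence)
    """
    bound = [n for n in range(first, last + 1) if n in stats]
    unbound = [n for n in range(first, last + 1) if n not in stats]
    total = sum(stats[n].id_sequence for n in bound)
    shares = {n: stats[n].id_sequence / total if total else 0.0 for n in bound}
    idle = [n for n in bound if total and stats[n].id_sequence == 0]
    return unbound, idle, shares

if __name__ == "__main__":
    unbound, idle, shares = balance_report(parse_queues(SAMPLE), 0, 3)
    print("unbound:", unbound, "idle:", idle)
    for n, share in shares.items():
        print(f"queue {n}: {share:.1%} of queued packets")
```

On a live system, pass the contents of /proc/net/netfilter/nfnetlink_queue to parse_queues() instead of SAMPLE; queues that are bound but idle under sustained traffic match the symptom described in this report.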