Hi, all.
My program process multiple NFQUEUEs by creating a separate thread
for every NFQUEUE. An each thread do recv() and nfq_set_verdict2():
main()
{
...
for(i = 0; i < q_cnt; i++) {
ret = pthread_create(&(thread_data[i].id), NULL, thread_start,
&thread_data[i].nfq_num);
if (ret != 0) {
fprintf(stderr, "thread creation error: %s", strerror(ret));
exit(EXIT_FAILURE);
}
}
...
}
static void*
thread_start(void *data)
{
struct nfq_handle *h;
int fd, n;
static char *pkt_buf;
unsigned int nfq_num = *(unsigned int*)data;
pkt_buf = (char*)malloc(80000);
if (!pkt_buf) {
fprintf(stderr, "packet buffer allocating error: no memory");
exit(EXIT_FAILURE);
}
h = init_nfq(nfq_num);
fd = nfq_fd(h);
while ((n = recv(fd, pkt_buf, 80000, 0)) > 0) {
nfq_handle_packet(h, pkt_buf, n);
}
...
}
static struct nfq_handle*
init_nfq(unsigned int nfq_num)
{
struct nfq_handle *h;
struct nfq_q_handle *qh;
h = nfq_open();
if (!h) {
fprintf(stderr, "nfq error: queue %d nfq_open() error",
nfq_num);
exit(EXIT_FAILURE);
}
if (nfq_unbind_pf(h, AF_INET) < 0) {
fprintf(stderr, "nfq error: queue %d nfq_bind_pf() error",
nfq_num);
exit(EXIT_FAILURE);
}
if (nfq_bind_pf(h, AF_INET) < 0) {
fprintf(stderr, "nfq error: queue %d nfq_bind_pf() error",
nfq_num);
exit(EXIT_FAILURE);
}
qh = nfq_create_queue(h, nfq_num, &cb, NULL);
if (!qh) {
fprintf(stderr, "nfq error: queue %d nfq_create_queue() error",
nfq_num);
exit(EXIT_FAILURE);
}
if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0) {
fprintf(stderr, "nfq error: queue %d nfq_set_mode() error",
nfq_num);
exit(EXIT_FAILURE);
}
return h;
}
Since every thread do nfq_open(), has a separate descriptor and etc, i think
i don't need a lock around recv() and nfq_set_verdict2(). Am i right?
Thanks!
--
Олег Неманов (Oleg Nemanov)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
