From 4b7ff505e46bb4d8c99fd548d4147f70014d228d Mon Sep 17 00:00:00 2001 From: bol-van Date: Mon, 16 Feb 2026 20:51:39 +0300 Subject: [PATCH] nfqws2: old kernels compat --- nfq2/darkmagic.c | 3 ++- nfq2/nfqws.c | 18 +++++++++++++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/nfq2/darkmagic.c b/nfq2/darkmagic.c index 0077b7d..10f650e 100644 --- a/nfq2/darkmagic.c +++ b/nfq2/darkmagic.c @@ -1880,8 +1880,9 @@ static int rawsend_socket(sa_family_t family) } if (family==AF_INET && setsockopt(*sock, IPPROTO_IP, IP_NODEFRAG, &yes, sizeof(yes)) == -1) { + // since 2.6.36 DLOG_PERROR("rawsend: setsockopt(IP_NODEFRAG)"); - goto exiterr; + //goto exiterr; } if (family==AF_INET && setsockopt(*sock, IPPROTO_IP, IP_FREEBIND, &yes, sizeof(yes)) == -1) { diff --git a/nfq2/nfqws.c b/nfq2/nfqws.c index 146e60f..b6bc068 100644 --- a/nfq2/nfqws.c +++ b/nfq2/nfqws.c @@ -317,8 +317,14 @@ static bool nfq_init(struct nfq_handle **h, struct nfq_q_handle **qh, uint8_t *m goto exiterr; } - // linux kernels pass both ipv4 and ipv6 even if only AF_INET is boumd // linux 3.8 - bind calls are NOOP. linux 3.8- - secondary bind to AF_INET6 will fail + // old kernels seem to require both binds to ipv4 and ipv6. may not work without unbind + + DLOG_CONDUP("unbinding existing nf_queue handler for AF_INET (if any)\n"); + if (nfq_unbind_pf(*h, AF_INET) < 0) { + DLOG_PERROR("nfq_unbind_pf(AF_INET)"); + goto exiterr; + } DLOG_CONDUP("binding nfnetlink_queue as nf_queue handler for AF_INET\n"); if (nfq_bind_pf(*h, AF_INET) < 0) { @@ -326,6 +332,16 @@ static bool nfq_init(struct nfq_handle **h, struct nfq_q_handle **qh, uint8_t *m goto exiterr; } + DLOG_CONDUP("unbinding existing nf_queue handler for AF_INET6 (if any)\n"); + if (nfq_unbind_pf(*h, AF_INET6) < 0) { + DLOG_PERROR("nfq_unbind_pf(AF_INET6)"); + } + + DLOG_CONDUP("binding nfnetlink_queue as nf_queue handler for AF_INET6\n"); + if (nfq_bind_pf(*h, AF_INET6) < 0) { + DLOG_PERROR("nfq_bind_pf(AF_INET6)"); + } + DLOG_CONDUP("binding this socket to queue '%u'\n", params.qnum); *qh = nfq_create_queue(*h, params.qnum, &nfq_cb, mod_buffer); if (!*qh) {