Hello, I followed this tutorials Queueing to userspace, on vyos1.4, but found libnetfilter_queue(nfqnl_test) drop all the packets.
Here are my situation:
-
Runing vyos on x86 router. it works fine before I do the following steps. Computers connect to router can access internet.
-
I run “./nfqnl_test 0” on the vyos. I did not change any code of nfqnl_test.
-
I set some rules to nft like this:
nft 'add chain ip filter xxx { type filter hook prerouting priority security; policy accept; }'
nft add ip filter janus counter queue num 0 bypass
-
I can see nfqnl_test receives a lot of packets and set ‘NF_ACCEPT’ to every packet.
-
However, Computers connect to vyos can’t access internet.
-
I run tcpdump on vyos, found like this (Only tcp syn packets found. The libnetfilter_queue(nfqnl_test) drop all the packets?):
