Skip to content

Commit

Permalink
netfilter: do not unbind the queues on exit
Browse files Browse the repository at this point in the history 
On exit we were calling nfq_unbind_pf for AF_INET and AF_INET6, which
usually stcuked the daemon for a very long time, and other times
caused a segfault.

According to the docs (..), calling nfq_destroy_queue() is enough to
exit cleanly:
"This call also unbind from the nfqueue handler, so you don't have to
call nfq_unbind_pf."
https://netfilter.org/projects/libnetfilter_queue/doxygen/html/group__Queue.html#ga32a1461e9a36c95a03cb4476109f33bb

Closes #919
  • Loading branch information
@gustavo-iniguez-goya
gustavo-iniguez-goya committed Dec 5, 2023
1 parent d7c7a08 commit 430c280
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions daemon/netfilter/queue.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -163,8 +163,6 @@ func (q *Queue) destroy() {
}
os.Exit(0)
})
C.nfq_unbind_pf(q.h, AF_INET)
C.nfq_unbind_pf(q.h, AF_INET6)
if q.qh != nil {
if ret := C.nfq_destroy_queue(q.qh); ret != 0 {
log.Warning("Queue.destroy() idx=%d, nfq_destroy_queue() not closed: %d", q.idx, ret)
Expand Down

0 comments on commit 430c280

Please sign in to comment.