安装NetfilterQueue问题

在安装Python的NetfilterQueue 时遇到了问题：

我一开始用pip命令安装的，它提示Microsoft Visual C++ 14.0 or greater is required. Get it with “Microsoft C++ Build Tools，安装好之后还是报错。希望大家给出一个解决方法。谢谢。

NetfilterQueue provides access to packets matched by an iptables rule in Linux. Packets so matched can be accepted, dropped, altered, reordered, or given a mark.

别费劲了，这个库只能在Linux下用，基于libnetfilter_queue的，Windows用不了

希望采纳

不知道你这个问题是否已经解决, 如果还没有解决的话:

• 这篇博客: netfilter连接跟踪统计中的 树节点回收 部分也许能够解决你的问题, 你可以仔细阅读以下内容或者直接跳转源博客中阅读:
  

  如下链表元素回收函数nf_conncount_gc_list，遍历节点的链表，如果连接跟踪已经关闭，将其对应的计数结构释放。如果遇到一个未关闭的连接跟踪，并且已经关闭了8个（CONNCOUNT_GC_MAX_NODES）计数结构，提前提出遍历。

  最后，如果链表中元素为空，返回真。

  bool nf_conncount_gc_list(struct net *net, struct nf_conncount_list *list)
  {
      const struct nf_conntrack_tuple_hash *found;
      struct nf_conncount_tuple *conn, *conn_n;
      struct nf_conn *found_ct;
      bool ret = false;
  
      /* don't bother if other cpu is already doing GC */
      if (!spin_trylock(&list->list_lock)) return false;
  
      list_for_each_entry_safe(conn, conn_n, &list->head, node) {
          found = find_or_evict(net, list, conn);
          if (IS_ERR(found)) {
              if (PTR_ERR(found) == -ENOENT)
                  collected++;
              continue;
          }
          found_ct = nf_ct_tuplehash_to_ctrack(found);
          if (already_closed(found_ct)) {
              /* we do not care about connections which are closed already -> ditch it
               */
              nf_ct_put(found_ct);
              conn_free(list, conn);
              collected++;
              continue;
          }
          nf_ct_put(found_ct);
          if (collected > CONNCOUNT_GC_MAX_NODES) break;
      }
      if (!list->count) ret = true;
  

  遍历指定的红黑树，如果某个树节点中连接跟踪为空，gc_count递增1。如果空节点数量小于8（CONNCOUNT_GC_MAX_NODES），不进行处理。

  static void tree_gc_worker(struct work_struct *work)
  {
      struct nf_conncount_data *data = container_of(work, struct nf_conncount_data, gc_work);
      struct nf_conncount_rb *gc_nodes[CONNCOUNT_GC_MAX_NODES], *rbconn;
      struct rb_root *root;
      struct rb_node *node;
      unsigned int tree, next_tree, gc_count = 0;
  
      tree = data->gc_tree % CONNCOUNT_SLOTS;
      root = &data->root[tree];
  
      local_bh_disable();
      rcu_read_lock();
      for (node = rb_first(root); node != NULL; node = rb_next(node)) {
          rbconn = rb_entry(node, struct nf_conncount_rb, node);
          if (nf_conncount_gc_list(data->net, &rbconn->list))
              gc_count++;
      }
      rcu_read_unlock();
      local_bh_enable();
  
      cond_resched();
  
      spin_lock_bh(&nf_conncount_locks[tree]);
      if (gc_count < ARRAY_SIZE(gc_nodes))
          goto next; /* do not bother */
  

  再次遍历此红黑树，当找到8个空节点之后，由函数tree_nodes_free执行释放操作。

      gc_count = 0;
      node = rb_first(root);
      while (node != NULL) {
          rbconn = rb_entry(node, struct nf_conncount_rb, node);
          node = rb_next(node);
  
          if (rbconn->list.count > 0)
              continue;
  
          gc_nodes[gc_count++] = rbconn;
          if (gc_count >= ARRAY_SIZE(gc_nodes)) {
              tree_nodes_free(root, gc_nodes, gc_count);
              gc_count = 0;
          }
      }
      tree_nodes_free(root, gc_nodes, gc_count);
  

  找到下一个等待回收的红黑树，再次调度worker。

  next:
      clear_bit(tree, data->pending_trees);
  
      next_tree = (tree + 1) % CONNCOUNT_SLOTS;
      next_tree = find_next_bit(data->pending_trees, CONNCOUNT_SLOTS, next_tree);
  
      if (next_tree < CONNCOUNT_SLOTS) {
          data->gc_tree = next_tree;
          schedule_work(work);
      }
  

  内核版本 5.10

如果你已经解决了该问题, 非常希望你能够分享一下解决方案, 写成博客, 将相关链接放在评论区, 以帮助更多的人 ^-^