netdev
[Top] [All Lists]

Re: iptables breakage WAS(Re: dummy as IMQ replacement

To: hadi@xxxxxxxxxx
Subject: Re: iptables breakage WAS(Re: dummy as IMQ replacement
From: Andy Furniss <andy.furniss@xxxxxxxxxxxxx>
Date: Wed, 23 Mar 2005 19:33:12 +0000
Cc: Harald Welte <laforge@xxxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, Remus <rmocius@xxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx, Nguyen Dinh Nam <nguyendinhnam@xxxxxxxxx>, Andre Tomt <andre@xxxxxxxx>, syrius.ml@xxxxxxxxxx, Damion de Soto <damion@xxxxxxxxxxxx>
In-reply-to: <1111550254.1089.21.camel@jzny.localdomain>
References: <1107123123.8021.80.camel@jzny.localdomain> <0fcf01c5077f$579e4b80$6e69690a@RIMAS> <1107174142.8021.121.camel@jzny.localdomain> <00c301c524b4$938cd240$6e69690a@RIMAS> <1110379135.1091.143.camel@jzny.localdomain> <1110416767.1111.76.camel@jzny.localdomain> <025501c52552$2dbf87c0$6e69690a@RIMAS> <1110453757.1108.87.camel@jzny.localdomain> <423B7BCB.10400@dsl.pipex.com> <1111410890.1092.195.camel@jzny.localdomain> <423F41AD.3010902@dsl.pipex.com> <1111444869.1072.51.camel@jzny.localdomain> <423F71C2.8040802@dsl.pipex.com> <1111462263.1109.6.camel@jzny.localdomain> <42408998.5000202@dsl.pipex.com> <1111550254.1089.21.camel@jzny.localdomain>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b) Gecko/20050217
jamal wrote:
Ok, Andy - I have tested this and should all work.
Can you double check on your side before i push kernel patch to Dave? I
tested on ubuntu distro on an AMD athlon.
Attached tar.gz with necessary patches. I only bothered to do 2 out of 3
tests. The second one covers the third. iptables libraries at runtime:
1.3.1

OK rebuilt with those versions and patches.

TEST1:

Check if ipt works on its own and stats are fixed.

tc qdisc del dev eth0 ingress
tc qdisc add dev eth0 ingress

tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 \
match ip src 10.0.2.24/32 flowid 1:16 \
action ipt -j TOS --set-tos Maximize-Reliability

Yes this works OK

TEST2:
- check if ipt followed by another action works.
- check if mirred works

tc qdisc del dev eth0 ingress
tc qdisc add dev eth0 ingress

tc filter add dev eth0 parent ffff: protocol ip prio 6 \
u32 match ip src 10.0.2.24/32 flowid 1:16 \
action ipt -j TOS --set-tos Maximize-Reliability \
action mirred egress redirect dev lo

Also works OK

bantu:~# tc -s filter ls dev eth0 parent ffff:

didn't get bash prompt back after doing this till <ctrl><c> but works and looks OK. Works if I direct to dummy0 aswell :-)


The thing that still fails is trying to use MARK - but I guess that's not to do with mirred as I don't get any mention of it anymore.

[root@amd /home/andy/Qos]# tc qdisc del dev eth0 ingress
RTNETLINK answers: No such file or directory
[root@amd /home/andy/Qos]# tc qdisc add dev eth0 ingress
[root@amd /home/andy/Qos]# tc filter add dev eth0 parent ffff: protocol ip prio 6 \
> u32 match ip src 10.0.2.24/32 flowid 1:16 \
> action ipt -j MARK --set-mark 1
tablename: mangle hook: NF_IP_PRE_ROUTING
target: MARK set 0x1 index 0
RTNETLINK answers: Invalid argument
We have an error talking to the kernel


I get exactly the same error if I also add action mirred egress redirect dev lo - before I would get different.

Andy.




<Prev in Thread] Current Thread [Next in Thread>