jamal wrote:
Andy,
Thanks for all your efforts.
I will be back on my regular setup by tomorrow evening and should be
able to hopefully test this. I am going to try:
- latest iproute2 with 1.3.x ipt changes
- I am just gonna jump to iptables 1.3.x - we are going to ignore 1.2.11
and below
- kernel 2.6.11.5 patches with stats
Issues seen so far - the following don't work:
a) tc filter add dev eth0 parent ffff: protocol ip prio 10 u32 \
match u32 0 0 flowid 1:1 action ipt -j MARK --set-mark
[Actually did you test this?]
Not without the 1 - If I do I get
++ /usr/sbin/tc filter add dev eth0 parent ffff: protocol ip prio 10 u32
match u32 0 0 flowid 1:1 action ipt -j MARK --set-mark
ipt: option `--set-mark' requires an argument
tablename: mangle hook: NF_IP_PRE_ROUTING
target: MARK set 0x0 index 0
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
With the one -
++ /usr/sbin/tc filter add dev eth0 parent ffff: protocol ip prio 10 u32
match u32 0 0 flowid 1:1 action ipt -j MARK --set-mark 1
tablename: mangle hook: NF_IP_PRE_ROUTING
target: MARK set 0x1 index 0
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
b) above with mirred as the next action fails in user space
Yes -
++ /usr/sbin/tc filter add dev eth0 parent ffff: protocol ip prio 10 u32
match u32 0 0 flowid 1:1 action ipt -j MARK --set-mark 1 action mirred
egress redirect dev dummy0
tablename: mangle hook: NF_IP_PRE_ROUTING
target: MARK set 0x1 index 0
bad action type mirred
Usage: ... gact <ACTION> [RAND] [INDEX]
Where: ACTION := reclassify | drop | continue | pass RAND := random
<RANDTYPE> <ACTION> <VAL>RANDTYPE := netrand | determVAL : = value not
exceeding 10000INDEX := index value used
bad action parsing
parse_action: bad value (5:mirred)!
Illegal "action"
I notice if I grep iproute for "bad action type" it's in m_gact.c which
does not contain the word mirred to test at all.
c) a) with a simple "action ok" is also rejected by the kernel
with "Invalid argument"
Yes.
Did I miss anything else?
Don't think so - I can get a and c to work with older iptables and headers.
Andy.