From: "GuanYao Huang" <gyhuang@mail.ustc.edu.cn>
To: netfilter-devel@lists.netfilter.org
Subject: Problems with how to realise a simple myip6tables program
Date: Wed, 24 May 2006 11:49:05 +0800 [thread overview]
Message-ID: <348442545.21384@ustc.edu.cn> (raw)
I am writting a myip6tables program to realize ROUTE and MARK target. (Of course I
shoule steal some codes from ip6tables). The ROUTE target is used to redirect a
flow to a ip6-ip6 tunnel.
After running my program I will see my ip6tables:
[root@gyhuang2 projectipv6]# ip6tables -t mangle -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
MARK udp 2001:da8:d800:1234:1234::28/128 2001:da8:d800:1234::31/128udp
spts:1:65535 dpt:8080 MARK set 0x33
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ROUTE udp 2001:da8:d800:1234:1234::28/128 2001:da8:d800:1234::31/128udp
spts:1:65535 dpt:8080 ROUTE oif:60804f817a
However, when using tcpdump, I can see there is no effect for my rules.
But, if I use the commads:
1, ip6tables -t mangle -I POSTROUTING -p udp -s 2001:da8:d800:1234:1234::28 -d
2001:da8:d800:1234::31 --sport 1:65535 --dport 8080 -j ROUTE --oif 60804f817a
2, ip6tables -t mangle -A FORWARD -p udp -s 2001:da8:d800:1234:1234::28 -d
2001:da8:d800:1234::31 --sport 1:65535 --dport 8080 -j MARK --set-mark 0x33
we can add two same rules(At least the same in ip6tables -t mangle -L -n). And
this time, we manage it.
[root@gyhuang2 projectipv6]# ip6tables -t mangle -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
MARK udp 2001:da8:d800:1234:1234::28/128 2001:da8:d800:1234::31/128udp
spts:1:65535 dpt:8080 MARK set 0x33
MARK udp 2001:da8:d800:1234:1234::28/128 2001:da8:d800:1234::31/128udp
spts:1:65535 dpt:8080 MARK set 0x33
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ROUTE udp 2001:da8:d800:1234:1234::28/128 2001:da8:d800:1234::31/128udp
spts:1:65535 dpt:8080 ROUTE oif:60804f817a
ROUTE udp 2001:da8:d800:1234:1234::28/128 2001:da8:d800:1234::31/128udp
spts:1:65535 dpt:8080 ROUTE oif:60804f817a
It seems they are the same rules, however, no effect by my program.
I am wondering if someone else has done the same thing with me. I really do not
want to read the ip6tables source code. I used gdb to debug that this morning, but
it seems hard to manage in a short while.
reply other threads:[~2006-05-24 3:49 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=348442545.21384@ustc.edu.cn \
--to=gyhuang@mail.ustc.edu.cn \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.