* Problems with how to realise a simple myip6tables program
@ 2006-05-24 3:49 GuanYao Huang
From: GuanYao Huang @ 2006-05-24 3:49 UTC (permalink / raw)
To: netfilter-devel
I am writing a myip6tables program to realize the ROUTE and MARK targets. (Of course I
should steal some code from ip6tables). The ROUTE target is used to redirect a
flow to an ip6-ip6 tunnel.
After running my program I will see my ip6tables:
[root@gyhuang2 projectipv6]# ip6tables -t mangle -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
MARK udp 2001:da8:d800:1234:1234::28/128 2001:da8:d800:1234::31/128udp
spts:1:65535 dpt:8080 MARK set 0x33
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ROUTE udp 2001:da8:d800:1234:1234::28/128 2001:da8:d800:1234::31/128udp
spts:1:65535 dpt:8080 ROUTE oif:60804f817a
However, when using tcpdump, I can see there is no effect for my rules.
But, if I use the commands:
1, ip6tables -t mangle -I POSTROUTING -p udp -s 2001:da8:d800:1234:1234::28 -d
2001:da8:d800:1234::31 --sport 1:65535 --dport 8080 -j ROUTE --oif 60804f817a
2, ip6tables -t mangle -A FORWARD -p udp -s 2001:da8:d800:1234:1234::28 -d
2001:da8:d800:1234::31 --sport 1:65535 --dport 8080 -j MARK --set-mark 0x33
we can add the same two rules (at least the same in ip6tables -t mangle -L -n). And
this time, we manage it.
[root@gyhuang2 projectipv6]# ip6tables -t mangle -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
MARK udp 2001:da8:d800:1234:1234::28/128 2001:da8:d800:1234::31/128udp
spts:1:65535 dpt:8080 MARK set 0x33
MARK udp 2001:da8:d800:1234:1234::28/128 2001:da8:d800:1234::31/128udp
spts:1:65535 dpt:8080 MARK set 0x33
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ROUTE udp 2001:da8:d800:1234:1234::28/128 2001:da8:d800:1234::31/128udp
spts:1:65535 dpt:8080 ROUTE oif:60804f817a
ROUTE udp 2001:da8:d800:1234:1234::28/128 2001:da8:d800:1234::31/128udp
spts:1:65535 dpt:8080 ROUTE oif:60804f817a
It seems they are the same rules; however, the ones added by my program have no effect.
I am wondering if someone else has done the same thing as me. I really do not
want to read the ip6tables source code. I used gdb to debug that this morning, but
it seems hard to manage in a short while.