* iptables 1.3.1 MARK target
@ 2005-03-17 16:52 Graham Keeling
2005-03-17 22:04 ` Pablo Neira
0 siblings, 1 reply; 3+ messages in thread
From: Graham Keeling @ 2005-03-17 16:52 UTC (permalink / raw)
To: netfilter-devel
Hi,
I'm posting this in case you guys aren't aware of it...
I'm using kernel 2.4.26.
I recently upgraded iptables from 1.2.8 to 1.3.1.
I found that the MARK target didn't work anymore.
I couldn't do --set-mark, --or-mark or --and-mark.
The error messages were;
--set-mark: invalid argument
--or-mark: kernel too old for --or-mark
--and-mark: kernel too old for --and-mark
I investigated libipt_MARK.c and found that there were two parsing functions,
parse_v0 and parse_v1, used by
struct iptables_target mark_v0
and
struct iptables_target mark_v1
void _init(void) registers both mark_v0 and mark_v1 as targets, one after the
other.
I found that by commenting out the first 'register_target()', the MARK target
worked again.
I found the following entry in the mailing archives, which contains the
patch that inserts the two different targets;
http://lists.netfilter.org/pipermail/netfilter-devel/2005-January/017976.html
Is this something that needs fixing, or is it known about already?
Cheers,
Graham.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: iptables 1.3.1 MARK target
2005-03-17 16:52 iptables 1.3.1 MARK target Graham Keeling
@ 2005-03-17 22:04 ` Pablo Neira
2005-03-17 22:13 ` Pablo Neira
0 siblings, 1 reply; 3+ messages in thread
From: Pablo Neira @ 2005-03-17 22:04 UTC (permalink / raw)
To: Graham Keeling; +Cc: netfilter-devel
Graham Keeling wrote:
> Hi,
> I'm posting this in case you guys aren't aware of it...
>
> I'm using kernel 2.4.26.
> I recently upgraded iptables from 1.2.8 to 1.3.1.
> I found that the MARK target didn't work anymore.
> I couldn't do --set-mark, --or-mark or --and-mark.
> The error messages were;
> --set-mark: invalid argument
> --or-mark: kernel too old for --or-mark
> --and-mark: kernel too old for --and-mark
that's right since versioning stuff was pushed forward into kernel
mainline, now we can extend current matches and target ensuring backward
compatibility. If you want to use those parameters you must upgrade your
kernel.
--
Pablo
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: iptables 1.3.1 MARK target
2005-03-17 22:04 ` Pablo Neira
@ 2005-03-17 22:13 ` Pablo Neira
0 siblings, 0 replies; 3+ messages in thread
From: Pablo Neira @ 2005-03-17 22:13 UTC (permalink / raw)
To: Graham Keeling; +Cc: netfilter-devel
Pablo Neira wrote:
> Graham Keeling wrote:
>
>> Hi,
>> I'm posting this in case you guys aren't aware of it...
>>
>> I'm using kernel 2.4.26.
>> I recently upgraded iptables from 1.2.8 to 1.3.1.
>> I found that the MARK target didn't work anymore.
>> I couldn't do --set-mark, --or-mark or --and-mark.
>> The error messages were;
>> --set-mark: invalid argument
>> --or-mark: kernel too old for --or-mark
>> --and-mark: kernel too old for --and-mark
>
>
> that's right since versioning stuff was pushed forward into kernel
> mainline, now we can extend current matches and target ensuring backward
> compatibility. If you want to use those parameters you must upgrade your
> kernel.
wait a minute, I got what you meant. You are using MARK from
patch-o-matic-ng and doesn't work anymore. So you are right, we need to
port MARK-operations to the new versioning infrastructure, then it will
work fine with iptables-1.3
--
Pablo
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2005-03-17 22:13 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-03-17 16:52 iptables 1.3.1 MARK target Graham Keeling
2005-03-17 22:04 ` Pablo Neira
2005-03-17 22:13 ` Pablo Neira
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.