From: Andy Furniss <andy.furniss@dsl.pipex.com>
To: hadi@cyberus.ca
Cc: Harald Welte <laforge@gnumonks.org>,
Patrick McHardy <kaber@trash.net>, Remus <rmocius@auste.elnet.lt>,
netdev@oss.sgi.com, Nguyen Dinh Nam <nguyendinhnam@gmail.com>,
Andre Tomt <andre@tomt.net>,
syrius.ml@no-log.org, Damion de Soto <damion@snapgear.com>
Subject: Re: iptables breakage WAS(Re: dummy as IMQ replacement
Date: Mon, 21 Mar 2005 21:50:37 +0000 [thread overview]
Message-ID: <423F41AD.3010902@dsl.pipex.com> (raw)
In-Reply-To: <1111410890.1092.195.camel@jzny.localdomain>
jamal wrote:
> On Fri, 2005-03-18 at 20:09, Andy Furniss wrote:
>
>>jamal wrote:
>>
>>>Hi Remus,
>>>I could not reproduce this one - it is also a bit odd for calloc to
>>>fail. I dont have iptables 1.3.1 but i will get and retry.
>>>Does this happen all the time?
>>
>>I get the same with iptables 1.3.1 and 1.3.0
>>
>>iptables: calloc failed: Cannot allocate memory
>>
>>using kernel 2.6.11.3 and tc iproute2-ss050314
>>
>>If I try an earlier iptables (tested 9, 10, 11) I get
>>
>
>
> Ok, I think i figured this one out as well - sorry dont have access to
> my test hardware still to verify.
>
> As i was suspecting this is related to iptables breaking backwards
> compatibility. Starting with 1.3.0 the target structure changed ;->
> (right at the top is a new field called version)
> I suspect the iptables folks maybe unaware that there are other users of
> iptables and assume that anyone needing to use new iptables will
> recompile everything from scratch. BAD! BAD!
> I am ccing the necessary evil doers (Harald and Patrick - at least they
> would know who the real evildoer is).
>
> To test the theory copy iptables.h and iptables_common.h from
> iptables-1.3.1/include into iproute2/include with the latest iproute2
> and recompile. Make sure m_ipt.c is recompiled - you may have to do a
> make clean in iproute2/tc/
I haven't done a new kernel with stats patched yet. Using iptables 1.3.1
and iproute2-ss050314 with iptables headers I now get below instead of
memory error.
++ /usr/sbin/tc filter add dev eth0 parent ffff: protocol ip prio 10 u32
match u32 0 0 flowid 1:1 action ipt -j MARK --set-mark 1 action mirred
egress redirect dev dummy0
tablename: mangle hook: NF_IP_PRE_ROUTING
target: MARK set 0x1 index 0
bad action type mirred
Usage: ... gact <ACTION> [RAND] [INDEX]
Where: ACTION := reclassify | drop | continue | pass RAND := random
<RANDTYPE> <ACTION> <VAL>RANDTYPE := netrand | determVAL : = value not
exceeding 10000INDEX := index value used
bad action parsing
parse_action: bad value (5:mirred)!
Illegal "action"
I will try with new kernel later tonight.
>
> I should be able to validate all this stuff starting tommorow evening.
> Also I have a feeling if you make this change, things will not work for
> iptables <=1.2.9/10/11. Can you verify that?
>
Yes it segfaults with iptables v1.2.11
++ /usr/sbin/tc filter add dev eth0 parent ffff: protocol ip prio 10 u32
match u32 0 0 flowid 1:1 action ipt -j MARK --set-mark 1 action mirred
egress redirect dev dummy0
./dummy-ingress-2: line 43: 1345 Segmentation fault $TC filter add
dev eth0 parent ffff: protocol ip prio 10 u32 match u32 0 0 flowid 1:1
action ipt -j MARK --set-mark 1 action mirred egress redirect dev dummy0
next prev parent reply other threads:[~2005-03-21 21:50 UTC|newest]
Thread overview: 126+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-30 22:12 dummy as IMQ replacement Jamal Hadi Salim
2005-01-31 8:20 ` Hasso Tepper
2005-01-31 12:25 ` jamal
2005-01-31 12:38 ` Hasso Tepper
2005-01-31 12:47 ` jamal
2005-01-31 13:02 ` Hasso Tepper
2005-01-31 13:28 ` Thomas Graf
2005-01-31 13:45 ` jamal
2005-01-31 14:06 ` Thomas Graf
2005-01-31 14:29 ` jamal
2005-01-31 13:39 ` jamal
2005-01-31 14:14 ` Hasso Tepper
2005-01-31 14:25 ` jamal
2005-01-31 14:46 ` Hasso Tepper
2005-01-31 15:34 ` jamal
2005-01-31 18:00 ` Lennert Buytenhek
2005-01-31 20:08 ` jamal
2005-01-31 13:58 ` Thomas Graf
2005-01-31 14:19 ` jamal
2005-01-31 15:15 ` Thomas Graf
2005-01-31 15:40 ` jamal
2005-01-31 15:59 ` Thomas Graf
2005-01-31 16:40 ` jamal
2005-01-31 18:15 ` Thomas Graf
2005-01-31 20:18 ` jamal
2005-01-31 22:53 ` Thomas Graf
2005-02-01 12:02 ` jamal
2005-02-01 12:51 ` Thomas Graf
2005-02-01 13:13 ` jamal
2005-02-01 22:44 ` Thomas Graf
2005-02-02 14:24 ` jamal
2005-02-02 15:40 ` Thomas Graf
2005-02-02 15:55 ` Thomas Graf
2005-01-31 20:28 ` David S. Miller
2005-02-01 1:02 ` Andy Furniss
2005-02-01 13:31 ` Thomas Graf
2005-02-01 15:03 ` Andy Furniss
2005-02-02 13:28 ` Thomas Graf
2005-01-31 16:27 ` Andre Correa
2005-01-31 16:51 ` Jamal Hadi Salim
2005-01-31 22:39 ` Andy Furniss
2005-02-01 11:49 ` jamal
2005-02-01 14:53 ` Andy Furniss
2005-02-02 14:05 ` jamal
2005-02-04 0:33 ` Andy Furniss
2005-02-01 11:32 ` Andy Furniss
[not found] ` <0fcf01c5077f$579e4b80$6e69690a@RIMAS>
[not found] ` <1107174142.8021.121.camel@jzny.localdomain>
2005-03-09 14:30 ` Remus
2005-03-09 14:38 ` jamal
2005-03-10 1:06 ` Jamal Hadi Salim
2005-03-10 9:18 ` Remus
2005-03-10 11:22 ` jamal
2005-03-19 1:09 ` Andy Furniss
2005-03-19 1:45 ` jamal
2005-03-19 10:23 ` Andy Furniss
2005-03-20 13:20 ` jamal
2005-03-20 13:55 ` jamal
2005-03-20 18:31 ` jamal
2005-03-21 22:08 ` Andy Furniss
2005-03-21 13:14 ` iptables breakage WAS(Re: " jamal
2005-03-21 21:50 ` Andy Furniss [this message]
2005-03-21 22:41 ` jamal
2005-03-22 1:15 ` Andy Furniss
2005-03-22 3:31 ` jamal
2005-03-22 21:09 ` Andy Furniss
2005-03-23 3:57 ` jamal
2005-03-23 19:33 ` Andy Furniss
2005-03-23 19:45 ` jamal
2005-03-23 20:53 ` Andy Furniss
2005-03-23 21:07 ` jamal
2005-03-23 22:46 ` Andy Furniss
2005-03-23 23:12 ` Andy Furniss
2005-03-24 0:34 ` jamal
2005-03-24 1:00 ` Andy Furniss
2005-03-24 0:53 ` jamal
2005-03-24 1:08 ` Andy Furniss
2005-03-24 11:32 ` jamal
2005-03-24 11:57 ` jamal
2005-03-24 15:41 ` Andy Furniss
2005-03-25 11:13 ` jamal
2005-03-25 12:39 ` jamal
2005-03-25 17:27 ` Patrick McHardy
2005-03-25 18:34 ` jamal
2005-03-25 19:01 ` Patrick McHardy
2005-03-25 20:07 ` Patrick McHardy
2005-03-25 20:31 ` jamal
2005-03-25 20:37 ` Patrick McHardy
2005-03-25 20:54 ` jamal
2005-03-25 21:23 ` Patrick McHardy
2005-03-25 19:08 ` jamal
2005-03-25 19:22 ` jamal
2005-03-25 19:59 ` Andy Furniss
2005-03-25 20:09 ` Patrick McHardy
2005-03-25 20:42 ` Andy Furniss
2005-03-25 20:10 ` jamal
2005-03-25 20:18 ` Patrick McHardy
2005-03-25 20:45 ` jamal
2005-03-25 21:10 ` Patrick McHardy
2005-03-25 21:57 ` jamal
2005-03-25 20:20 ` Thomas Graf
2005-03-25 20:48 ` jamal
2005-03-25 21:01 ` Thomas Graf
2005-03-25 21:48 ` jamal
2005-03-25 22:03 ` Thomas Graf
2005-03-25 22:20 ` jamal
2005-03-25 20:39 ` Patrick McHardy
2005-03-25 20:55 ` jamal
2005-03-25 21:00 ` Patrick McHardy
2005-03-25 21:44 ` jamal
2005-03-25 21:18 ` Andy Furniss
2005-03-25 22:12 ` IMQ again WAS(Re: " jamal
2005-03-25 23:26 ` Andy Furniss
2005-03-27 19:35 ` Andy Furniss
2005-03-28 13:39 ` Andy Furniss
2005-03-28 13:45 ` jamal
2005-03-28 13:55 ` Andy Furniss
2005-03-28 14:08 ` jamal
2005-03-28 13:57 ` jamal
2005-03-28 14:12 ` Andy Furniss
2005-03-28 14:20 ` jamal
2005-03-28 14:28 ` Andy Furniss
2005-03-28 14:36 ` Andy Furniss
2005-03-28 15:24 ` Andy Furniss
2005-03-28 19:27 ` jamal
2005-03-28 20:13 ` Andy Furniss
2005-03-23 1:31 ` Patrick McHardy
2005-03-23 4:01 ` jamal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=423F41AD.3010902@dsl.pipex.com \
--to=andy.furniss@dsl.pipex.com \
--cc=andre@tomt.net \
--cc=damion@snapgear.com \
--cc=hadi@cyberus.ca \
--cc=kaber@trash.net \
--cc=laforge@gnumonks.org \
--cc=netdev@oss.sgi.com \
--cc=nguyendinhnam@gmail.com \
--cc=rmocius@auste.elnet.lt \
--cc=syrius.ml@no-log.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.