From: Andy Furniss <andy.furniss@dsl.pipex.com>
To: hadi@cyberus.ca
Cc: Harald Welte <laforge@gnumonks.org>,
Patrick McHardy <kaber@trash.net>, Remus <rmocius@auste.elnet.lt>,
netdev@oss.sgi.com, Nguyen Dinh Nam <nguyendinhnam@gmail.com>,
Andre Tomt <andre@tomt.net>,
syrius.ml@no-log.org, Damion de Soto <damion@snapgear.com>
Subject: Re: iptables breakage WAS(Re: dummy as IMQ replacement
Date: Tue, 22 Mar 2005 21:09:44 +0000 [thread overview]
Message-ID: <42408998.5000202@dsl.pipex.com> (raw)
In-Reply-To: <1111462263.1109.6.camel@jzny.localdomain>
jamal wrote:
> Andy,
> Thanks for all your efforts.
> I will be back on my regular setup by tommorow evening and should be
> able to hopefuly test this. I am going to try:
>
> - latest iproute2 with 1.3.x ipt changes
> - i am just gonna jump to iptables 1.3.x - we are going to ignore 1.2.11
> and below
> - kernel 2.6.11.5 patches with stats
>
> Issues seen so far - the following dont work:
>
> a) tc filter add dev eth0 parent ffff: protocol ip prio 10 u32 \
> match u32 0 0 flowid 1:1 action ipt -j MARK --set-mark
> [Actually did you test this?]
Not without the 1 - If I do I get
++ /usr/sbin/tc filter add dev eth0 parent ffff: protocol ip prio 10 u32
match u32 0 0 flowid 1:1 action ipt -j MARK --set-mark
ipt: option `--set-mark' requires an argument
tablename: mangle hook: NF_IP_PRE_ROUTING
target: MARK set 0x0 index 0
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
With the one -
++ /usr/sbin/tc filter add dev eth0 parent ffff: protocol ip prio 10 u32
match u32 0 0 flowid 1:1 action ipt -j MARK --set-mark 1
tablename: mangle hook: NF_IP_PRE_ROUTING
target: MARK set 0x1 index 0
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
>
> b) above with mirred as the next action fails in user space
Yes -
++ /usr/sbin/tc filter add dev eth0 parent ffff: protocol ip prio 10 u32
match u32 0 0 flowid 1:1 action ipt -j MARK --set-mark 1 action mirred
egress redirect dev dummy0
tablename: mangle hook: NF_IP_PRE_ROUTING
target: MARK set 0x1 index 0
bad action type mirred
Usage: ... gact <ACTION> [RAND] [INDEX]
Where: ACTION := reclassify | drop | continue | pass RAND := random
<RANDTYPE> <ACTION> <VAL>RANDTYPE := netrand | determVAL : = value not
exceeding 10000INDEX := index value used
bad action parsing
parse_action: bad value (5:mirred)!
Illegal "action"
I notice if I grep iproute for "bad action type" it's in m_gact.c which
does not contain the word mirred to test at all.
>
> c) a) with a simple "action ok" is also rejected by the kernel
> with "Invalid argument"
Yes.
>
> Did i miss anything else?
Don't think so - I can get a and c to work with older iptables and headers.
Andy.
next prev parent reply other threads:[~2005-03-22 21:09 UTC|newest]
Thread overview: 126+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-30 22:12 dummy as IMQ replacement Jamal Hadi Salim
2005-01-31 8:20 ` Hasso Tepper
2005-01-31 12:25 ` jamal
2005-01-31 12:38 ` Hasso Tepper
2005-01-31 12:47 ` jamal
2005-01-31 13:02 ` Hasso Tepper
2005-01-31 13:28 ` Thomas Graf
2005-01-31 13:45 ` jamal
2005-01-31 14:06 ` Thomas Graf
2005-01-31 14:29 ` jamal
2005-01-31 13:39 ` jamal
2005-01-31 14:14 ` Hasso Tepper
2005-01-31 14:25 ` jamal
2005-01-31 14:46 ` Hasso Tepper
2005-01-31 15:34 ` jamal
2005-01-31 18:00 ` Lennert Buytenhek
2005-01-31 20:08 ` jamal
2005-01-31 13:58 ` Thomas Graf
2005-01-31 14:19 ` jamal
2005-01-31 15:15 ` Thomas Graf
2005-01-31 15:40 ` jamal
2005-01-31 15:59 ` Thomas Graf
2005-01-31 16:40 ` jamal
2005-01-31 18:15 ` Thomas Graf
2005-01-31 20:18 ` jamal
2005-01-31 22:53 ` Thomas Graf
2005-02-01 12:02 ` jamal
2005-02-01 12:51 ` Thomas Graf
2005-02-01 13:13 ` jamal
2005-02-01 22:44 ` Thomas Graf
2005-02-02 14:24 ` jamal
2005-02-02 15:40 ` Thomas Graf
2005-02-02 15:55 ` Thomas Graf
2005-01-31 20:28 ` David S. Miller
2005-02-01 1:02 ` Andy Furniss
2005-02-01 13:31 ` Thomas Graf
2005-02-01 15:03 ` Andy Furniss
2005-02-02 13:28 ` Thomas Graf
2005-01-31 16:27 ` Andre Correa
2005-01-31 16:51 ` Jamal Hadi Salim
2005-01-31 22:39 ` Andy Furniss
2005-02-01 11:49 ` jamal
2005-02-01 14:53 ` Andy Furniss
2005-02-02 14:05 ` jamal
2005-02-04 0:33 ` Andy Furniss
2005-02-01 11:32 ` Andy Furniss
[not found] ` <0fcf01c5077f$579e4b80$6e69690a@RIMAS>
[not found] ` <1107174142.8021.121.camel@jzny.localdomain>
2005-03-09 14:30 ` Remus
2005-03-09 14:38 ` jamal
2005-03-10 1:06 ` Jamal Hadi Salim
2005-03-10 9:18 ` Remus
2005-03-10 11:22 ` jamal
2005-03-19 1:09 ` Andy Furniss
2005-03-19 1:45 ` jamal
2005-03-19 10:23 ` Andy Furniss
2005-03-20 13:20 ` jamal
2005-03-20 13:55 ` jamal
2005-03-20 18:31 ` jamal
2005-03-21 22:08 ` Andy Furniss
2005-03-21 13:14 ` iptables breakage WAS(Re: " jamal
2005-03-21 21:50 ` Andy Furniss
2005-03-21 22:41 ` jamal
2005-03-22 1:15 ` Andy Furniss
2005-03-22 3:31 ` jamal
2005-03-22 21:09 ` Andy Furniss [this message]
2005-03-23 3:57 ` jamal
2005-03-23 19:33 ` Andy Furniss
2005-03-23 19:45 ` jamal
2005-03-23 20:53 ` Andy Furniss
2005-03-23 21:07 ` jamal
2005-03-23 22:46 ` Andy Furniss
2005-03-23 23:12 ` Andy Furniss
2005-03-24 0:34 ` jamal
2005-03-24 1:00 ` Andy Furniss
2005-03-24 0:53 ` jamal
2005-03-24 1:08 ` Andy Furniss
2005-03-24 11:32 ` jamal
2005-03-24 11:57 ` jamal
2005-03-24 15:41 ` Andy Furniss
2005-03-25 11:13 ` jamal
2005-03-25 12:39 ` jamal
2005-03-25 17:27 ` Patrick McHardy
2005-03-25 18:34 ` jamal
2005-03-25 19:01 ` Patrick McHardy
2005-03-25 20:07 ` Patrick McHardy
2005-03-25 20:31 ` jamal
2005-03-25 20:37 ` Patrick McHardy
2005-03-25 20:54 ` jamal
2005-03-25 21:23 ` Patrick McHardy
2005-03-25 19:08 ` jamal
2005-03-25 19:22 ` jamal
2005-03-25 19:59 ` Andy Furniss
2005-03-25 20:09 ` Patrick McHardy
2005-03-25 20:42 ` Andy Furniss
2005-03-25 20:10 ` jamal
2005-03-25 20:18 ` Patrick McHardy
2005-03-25 20:45 ` jamal
2005-03-25 21:10 ` Patrick McHardy
2005-03-25 21:57 ` jamal
2005-03-25 20:20 ` Thomas Graf
2005-03-25 20:48 ` jamal
2005-03-25 21:01 ` Thomas Graf
2005-03-25 21:48 ` jamal
2005-03-25 22:03 ` Thomas Graf
2005-03-25 22:20 ` jamal
2005-03-25 20:39 ` Patrick McHardy
2005-03-25 20:55 ` jamal
2005-03-25 21:00 ` Patrick McHardy
2005-03-25 21:44 ` jamal
2005-03-25 21:18 ` Andy Furniss
2005-03-25 22:12 ` IMQ again WAS(Re: " jamal
2005-03-25 23:26 ` Andy Furniss
2005-03-27 19:35 ` Andy Furniss
2005-03-28 13:39 ` Andy Furniss
2005-03-28 13:45 ` jamal
2005-03-28 13:55 ` Andy Furniss
2005-03-28 14:08 ` jamal
2005-03-28 13:57 ` jamal
2005-03-28 14:12 ` Andy Furniss
2005-03-28 14:20 ` jamal
2005-03-28 14:28 ` Andy Furniss
2005-03-28 14:36 ` Andy Furniss
2005-03-28 15:24 ` Andy Furniss
2005-03-28 19:27 ` jamal
2005-03-28 20:13 ` Andy Furniss
2005-03-23 1:31 ` Patrick McHardy
2005-03-23 4:01 ` jamal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42408998.5000202@dsl.pipex.com \
--to=andy.furniss@dsl.pipex.com \
--cc=andre@tomt.net \
--cc=damion@snapgear.com \
--cc=hadi@cyberus.ca \
--cc=kaber@trash.net \
--cc=laforge@gnumonks.org \
--cc=netdev@oss.sgi.com \
--cc=nguyendinhnam@gmail.com \
--cc=rmocius@auste.elnet.lt \
--cc=syrius.ml@no-log.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.