From mboxrd@z Thu Jan 1 00:00:00 1970
From: Patrick McHardy
Subject: Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5
Date: Wed, 01 Jul 2009 11:56:20 +0200
Message-ID: <4A4B32C4.8050800@trash.net>
References: <56378e320906290721i63f969edm90aed19619decf71@mail.gmail.com> <4A48D6AD.4010005@trash.net> <4A48E14A.3060708@trash.net>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To:
Sender: netfilter-devel-owner@vger.kernel.org
List-ID:
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: Nishit Shah
Cc: jengelh@medozas.de, Richard Horton , netfilter-devel@vger.kernel.org, netfilter@vger.kernel.org, Bart De Schuymer

Nishit Shah wrote:
> On Mon, Jun 29, 2009 at 9:48 PM, Nishit Shah wrote:
>> On Mon, Jun 29, 2009 at 9:14 PM, Patrick McHardy wrote:
>>> Ah, I remember, we had some breakage of the ARPT codes with the
>>> introduction of x_tables in 2.6.16. Please try to figure out the
>>> difference of those values between working and non-working state
>>> (ARPT_CONTINUE, ARPT_RETURN etc.)
>>>
>> Bingo !!!
>>
>> It is due to the value of ARPT_RETURN. ARPT_RETURN defined in
>> arptables-v0.0.3-3 is
>>
>> ./include/linux/netfilter_arp/arp_tables.h:#define ARPT_RETURN
>> (-NF_MAX_VERDICT - 1)
>>
>> and value of NF_MAX_VERDICT is different on machine running with gcc
>> 2.96/glibc 2.2.4 and above all machines.
>>
>> value of NF_MAX_VERDICT on machine running gcc 2.96 and glibc 2.2.4,
>>
>> /usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_REPEAT
>>
>> and same file on all above machines,
>>
>> /usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_STOP
>>
>> Thanks Patrick :)
>>
>> Rgds,
>> Nishit Shah.
>>
>
> I am adding the patch for the same.

Please send this to Bart (CCed), who is maintaining arptables.
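
The mismatch diagnosed in this thread, as an added example that is not part of the original message or of arptables: it derives ARPT_RETURN from both header variants and shows how a consumer expecting the working value reads the other one. The `classify` helper, the `meaning` enum and the assumption that the consumer expects the value from the working (NF_REPEAT) build are hypothetical; the verdict numbers are those of linux/netfilter.h.

```c
#include <stdio.h>

/* Verdict numbers from linux/netfilter.h. */
enum { NF_DROP, NF_ACCEPT, NF_STOLEN, NF_QUEUE, NF_REPEAT, NF_STOP };

enum meaning { IS_JUMP, IS_RETURN, IS_VERDICT };

/* ARPT_RETURN as arp_tables.h derives it: (-NF_MAX_VERDICT - 1). */
int arpt_return(int nf_max_verdict)
{
    return -nf_max_verdict - 1;
}

/*
 * Hypothetical model of the rule consumer: classify the value stored in a
 * standard target, given the consumer's own idea of the RETURN code.
 * Negative values other than RETURN encode an absolute verdict as -v - 1.
 */
enum meaning classify(int stored, int consumer_return, int *verdict)
{
    if (stored >= 0)
        return IS_JUMP;            /* offset of a user-defined chain */
    if (stored == consumer_return)
        return IS_RETURN;
    *verdict = -stored - 1;
    return IS_VERDICT;
}

int main(void)
{
    /* Assumption: the consumer expects the value from the working build. */
    int consumer_return = arpt_return(NF_REPEAT);
    int builds[] = { NF_REPEAT, NF_STOP };   /* old headers, new headers */

    for (int i = 0; i < 2; i++) {
        int stored = arpt_return(builds[i]);  /* what "-j RETURN" emits */
        int verdict = -1;
        enum meaning m = classify(stored, consumer_return, &verdict);

        printf("NF_MAX_VERDICT=%d: RETURN stored as %d -> %s",
               builds[i], stored,
               m == IS_RETURN ? "RETURN" : m == IS_JUMP ? "jump" : "verdict");
        if (m == IS_VERDICT)
            printf(" %d", verdict);
        putchar('\n');
    }
    return 0;
}
```

Under these assumptions the second build's RETURN rule is no longer read as RETURN at all, which is why a constant shared between userspace and kernel should not be derived from whichever system header happens to be installed.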