[PATCH] [IPROUTE2] Compatibility with iptables 1.4.0

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] [IPROUTE2] Compatibility with iptables 1.4.0
@ 2007-12-24 16:07 Denys Fedoryshchenko
  2007-12-24 16:30 ` jamal
  0 siblings, 1 reply; 4+ messages in thread
From: Denys Fedoryshchenko @ 2007-12-24 16:07 UTC (permalink / raw)
  To: hadi; +Cc: netdev

Hi, probably like this will be better?
Previous patch was not backward compatible.

Btw i checked twice, name is changed from libipt_MARK to libxt_MARK. So
probably when you have tested this, your iproute2 was looking to old
libipt_MARK (iptables is not deleting old libraries on make install).

-------------------------

New iptables 1.4.0 need additional dummy functions, and some library names is
changed from libipt to libxt.
It is prefferable also to open libxt_ first, as newer "style".

Signed-off-by: Denys Fedoryshchenko <nuclearcat@nuclearcat.com>
---
 drivers/watchdog/w83697hf_wdt.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)
diff -Naur iproute2/tc/m_ipt.c iproute2-new/tc/m_ipt.c
--- iproute2/tc/m_ipt.c     2007-12-24 16:59:19.000000000 +0200
+++ iproute2-new/tc/m_ipt.c     2007-12-24 17:46:14.000000000 +0200
@@ -69,6 +69,27 @@
 }

 void
+xtables_register_target(struct iptables_target *me)
+{
+       me->next = t_list;
+       t_list = me;
+}
+
+
+void
+xtables_register_match(struct iptables_target *me)
+{
+       me->next = t_list;
+       t_list = me;
+}
+
+void
 exit_tryhelp(int status)
 {
        fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
@@ -248,16 +269,25 @@
                }
        }

-       sprintf(path,  "%s/libipt_%s.so",lib_dir, new_name);
+       sprintf(path,  "%s/libxt_%s.so",lib_dir, new_name);
        handle = dlopen(path, RTLD_LAZY);
        if (!handle) {
-               sprintf(path, lib_dir, "/libipt_%s.so", lname);
+               sprintf(path, "%s/libipt_%s.so", lib_dir , new_name);
                handle = dlopen(path, RTLD_LAZY);
-               if (!handle) {
-                       fputs(dlerror(), stderr);
-                       printf("\n");
-                       return NULL;
-               }
+       }
+       if (!handle) {
+               sprintf(path, "%s/libxt_%s.so", lib_dir , lname);
+               handle = dlopen(path, RTLD_LAZY);
+       }
+       if (!handle) {
+               sprintf(path, "%s/libipt_%s.so", lib_dir , lname);
+               handle = dlopen(path, RTLD_LAZY);
+       }
+       if (!handle) {
+               sprintf(path, "%s/libipt_%s.so", lib_dir , lname);
+               fputs(dlerror(), stderr);
+               printf("\n");
+               return NULL;
        }

        m = dlsym(handle, new_name);


--
Denys Fedoryshchenko
Technical Manager
Virtual ISP S.A.L.


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] [IPROUTE2] Compatibility with iptables 1.4.0
  2007-12-24 16:07 [PATCH] [IPROUTE2] Compatibility with iptables 1.4.0 Denys Fedoryshchenko
@ 2007-12-24 16:30 ` jamal
  2007-12-24 16:57   ` jamal
  0 siblings, 1 reply; 4+ messages in thread
From: jamal @ 2007-12-24 16:30 UTC (permalink / raw)
  To: Denys Fedoryshchenko; +Cc: netdev, Pablo Neira Ayuso

On Mon, 2007-24-12 at 18:07 +0200, Denys Fedoryshchenko wrote:
> Hi, probably like this will be better?
> Previous patch was not backward compatible.
> 
> Btw i checked twice, name is changed from libipt_MARK to libxt_MARK. So
> probably when you have tested this, your iproute2 was looking to old
> libipt_MARK (iptables is not deleting old libraries on make install).
> 


Grr. I tested with a different iptables target and thought the rest work
in the same manner. iptables needs to be consistent.

-----
lilsol:~# export IPTABLES_LIB_DIR=/root/iptables-1.4.0/extensions/
lilsol:~# tc actions add action ipt -j TOS --set-tos
Maximize-Reliability
tablename: mangle hook: NF_IP_POST_ROUTING
        target: TOS set Maximize-Reliability  index 0
lilsol:~# tc actions ls action ipt

        action order 0: tablename: mangle  hook: NF_IP_POST_ROUTING
        target TOS set Maximize-Reliability
        index 2 ref 1 bind 0
// the above is what i tested
// below is what you did
lilsol:~# tc actions add action ipt -j mark --set-mark 3
/root/iptables-1.4.0/extensions/: cannot read file data: Is a directory
 failed to find target mark

bad action parsing
parse_action: bad value (5:ipt)!
Illegal "action"
Command "add" is unknown, try "tc actions help".
lilsol:~#
------------

Applying your patch ....
Seems corrupt; let me fix it up, test it and resend it to Stephen.

cheers,
jamal



^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] [IPROUTE2] Compatibility with iptables 1.4.0
  2007-12-24 16:30 ` jamal
@ 2007-12-24 16:57   ` jamal
  2007-12-26 10:59     ` Pablo Neira Ayuso
  0 siblings, 1 reply; 4+ messages in thread
From: jamal @ 2007-12-24 16:57 UTC (permalink / raw)
  To: Denys Fedoryshchenko; +Cc: netdev, Pablo Neira Ayuso


I just submitted a tested, slightly reduced patch (example we dont need
to register matches) and it works as expected now. Thanks for the
excellent work Denys.

Pablo, below looks an oversight.
I think there are some libraries like the mark target need also to be
backward compatible.

cheers,
jamal

On Mon, 2007-24-12 at 11:30 -0500, jamal wrote:

> Grr. I tested with a different iptables target and thought the rest work
> in the same manner. iptables needs to be consistent.
> 
> -----
> lilsol:~# export IPTABLES_LIB_DIR=/root/iptables-1.4.0/extensions/
> lilsol:~# tc actions add action ipt -j TOS --set-tos
> Maximize-Reliability
> tablename: mangle hook: NF_IP_POST_ROUTING
>         target: TOS set Maximize-Reliability  index 0
> lilsol:~# tc actions ls action ipt
> 
>         action order 0: tablename: mangle  hook: NF_IP_POST_ROUTING
>         target TOS set Maximize-Reliability
>         index 2 ref 1 bind 0
> // the above is what i tested
> // below is what you did
> lilsol:~# tc actions add action ipt -j mark --set-mark 3
> /root/iptables-1.4.0/extensions/: cannot read file data: Is a directory
>  failed to find target mark
> 
> bad action parsing
> parse_action: bad value (5:ipt)!
> Illegal "action"
> Command "add" is unknown, try "tc actions help".
> lilsol:~#
> ------------
> 
> Applying your patch ....
> Seems corrupt; let me fix it up, test it and resend it to Stephen.
> 
> cheers,
> jamal
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] [IPROUTE2] Compatibility with iptables 1.4.0
  2007-12-24 16:57   ` jamal
@ 2007-12-26 10:59     ` Pablo Neira Ayuso
  0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2007-12-26 10:59 UTC (permalink / raw)
  To: hadi; +Cc: Denys Fedoryshchenko, netdev

Hi Jamal,

jamal wrote:
> Pablo, below looks an oversight.
> I think there are some libraries like the mark target need also to be
> backward compatible.

Shouldn't "mark" be in capital letters?

>> lilsol:~# export IPTABLES_LIB_DIR=/root/iptables-1.4.0/extensions/
>> lilsol:~# tc actions add action ipt -j TOS --set-tos
                                          ^^^
                                         this is OK

>> lilsol:~# tc actions add action ipt -j mark --set-mark 3
                                          ^^^
                                          MARK

I'm sorry for the breakage. We definitely need a library for iptables so
this sort of stuff would not happen :(

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2007-12-26 11:06 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-12-24 16:07 [PATCH] [IPROUTE2] Compatibility with iptables 1.4.0 Denys Fedoryshchenko
2007-12-24 16:30 ` jamal
2007-12-24 16:57   ` jamal
2007-12-26 10:59     ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).