* some bug in iproute2
@ 2009-08-06 8:50 Sergey Popov
2009-08-07 10:12 ` Jarek Poplawski
0 siblings, 1 reply; 4+ messages in thread
From: Sergey Popov @ 2009-08-06 8:50 UTC (permalink / raw)
To: netdev
# tc f add dev eth0 parent 1: proto ip prio 2 u32 match u32 0 0 action ipt -j MARK --set-mark 1
/usr/lib64/iptables/libipt_mark.so: cannot open shared object file: No such file or directory
failed to find target MARK
bad action parsing
parse_action: bad value (5:ipt)!
Illegal "action"
But mark target is compiled in kernel (not a module)
# iptables -t mangle -A PREROUTING -i eth1 -j MARK --set-mark 1
# iptables -t mangle -L PREROUTING
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK all -- anywhere anywhere MARK xset
0x1/0xffffffff
This shouldn't be.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: some bug in iproute2
2009-08-06 8:50 some bug in iproute2 Sergey Popov
@ 2009-08-07 10:12 ` Jarek Poplawski
2009-08-07 14:28 ` jamal
0 siblings, 1 reply; 4+ messages in thread
From: Jarek Poplawski @ 2009-08-07 10:12 UTC (permalink / raw)
To: Sergey Popov; +Cc: netdev, jamal
On 06-08-2009 10:50, Sergey Popov wrote:
> # tc f add dev eth0 parent 1: proto ip prio 2 u32 match u32 0 0 action ipt -j MARK --set-mark 1
> /usr/lib64/iptables/libipt_mark.so: cannot open shared object file: No such file or directory
> failed to find target MARK
>
> bad action parsing
> parse_action: bad value (5:ipt)!
> Illegal "action"
>
>
> But mark target is compiled in kernel (not a module)
>
> # iptables -t mangle -A PREROUTING -i eth1 -j MARK --set-mark 1
> # iptables -t mangle -L PREROUTING
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> MARK all -- anywhere anywhere MARK xset
> 0x1/0xffffffff
>
> This shouldn't be.
If you're using iptables > 1.4.2 then it's a known problem.
You can read more in a netdev thread:
Subject: iproute2 action/policer question
starting date: Tue, 09 Jun 2009 22:10:46 +0200
Jarek P.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: some bug in iproute2
2009-08-07 10:12 ` Jarek Poplawski
@ 2009-08-07 14:28 ` jamal
[not found] ` <20090807202725.784dab6b@azure>
0 siblings, 1 reply; 4+ messages in thread
From: jamal @ 2009-08-07 14:28 UTC (permalink / raw)
To: Jarek Poplawski; +Cc: Sergey Popov, netdev
On Fri, 2009-08-07 at 10:12 +0000, Jarek Poplawski wrote:
> On 06-08-2009 10:50, Sergey Popov wrote:
> If you're using iptables > 1.4.2 then it's a known problem.
> You can read more in a netdev thread:
> Subject: iproute2 action/policer question
> starting date: Tue, 09 Jun 2009 22:10:46 +0200
I am giving up on fixing it for that release for general distros.
I will wait until iptables 1.4.4 becomes mainstream then i will make
another fix. It is very hard to keep up concurently with a) apis
changing randomly on the part of iptables b) distros picking random
versions of iptables and c) iproute2 being released in random
uncoordinated manner.
Maybe a solution that would work is to fork iproute2 or make ipt
part of iptables. In the meantime i can work with anyone who wants
to get it to work with fixed version of iproute2 + iptables. Sergey,
if this is of interest to you let me know.
cheers,
jamal
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-08-08 12:51 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-08-06 8:50 some bug in iproute2 Sergey Popov
2009-08-07 10:12 ` Jarek Poplawski
2009-08-07 14:28 ` jamal
[not found] ` <20090807202725.784dab6b@azure>
[not found] ` <1249734651.7101.38.camel@dogo.mojatatu.com>
2009-08-08 12:49 ` jamal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).