[xtables-addons] "unknown option `--gw'" for target TEE

[xtables-addons] "unknown option `--gw'" for target TEE

[Olivier Mehani]

[-- Attachment #1: Type: text/plain, Size: 794 bytes --]

Hello,

I'm trying to copy the IPv6 traffic a router sees on eth0 to a logging
machine on eth1's netmork:

[LOG]eth0--(PFX1::/64)--eth1[ROUTER]eth0---(PFX2::/64)


I installed xtables-addons 1.20 on top of iptables 1.4.5 and kernel
2.6.30 (x86_64) and want to use the TEE target. I however get an error
when trying to use it.

# ip6tables -t mangle -A PREROUTING -i eth0 -j TEE --gw PFX1:46ff:fee0:dfcc
ip6tables v1.4.5: unknown option `--gw'
Try `ip6tables -h' or 'ip6tables --help' for more information.

As far as my understanding of the doc goes, my command is valid, but it
doesn't work.

What am I doing wrong/misunderstanding?

Thanks in advance.

-- 
Olivier Mehani <olivier.mehani@inria.fr>
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE  F5F9 F012 A6E2 98C6 6655

[-- Attachment #2: Type: application/pgp-signature, Size: 490 bytes --]

Re: [xtables-addons] "unknown option `--gw'" for target TEE

[Florian Westphal]

Olivier Mehani <olivier.mehani@inria.fr> wrote:
> # ip6tables -t mangle -A PREROUTING -i eth0 -j TEE --gw PFX1:46ff:fee0:dfcc
> ip6tables v1.4.5: unknown option `--gw'
> Try `ip6tables -h' or 'ip6tables --help' for more information.

The Documentation is wrong, try "--gateway".

Re: [xtables-addons] [SOLVED] "unknown option `--gw'" for target TEE

[Olivier Mehani]

[-- Attachment #1.1: Type: text/plain, Size: 961 bytes --]

Replying to self, funny how a night's sleep help find new approaches.

On Wed, Nov 25, 2009 at 09:34:34AM +0100, Olivier Mehani wrote:
> # ip6tables -t mangle -A PREROUTING -i eth0 -j TEE --gw PFX1:46ff:fee0:dfcc
> ip6tables v1.4.5: unknown option `--gw'
> Try `ip6tables -h' or 'ip6tables --help' for more information.
> 
> As far as my understanding of the doc goes, my command is valid, but it
> doesn't work.

In contradiction with the documentation, the proper parameter is
actually --gateway, thus
# ip6tables -t mangle -A PREROUTING -i eth0 -j TEE --gateway PFX1:EUI64
works like a charm.

Maybe the documentation should be udpated as per the attached patch?
It removes all occurences of --gw in the dor and error messages, and
adds a quick example (quite similar to my scenario).

Finally, beware of router advertisements.

-- 
Olivier Mehani <shtrom@ssji.net>
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE  F5F9 F012 A6E2 98C6 6655

[-- Attachment #1.2: TEE-doc.patch --]
[-- Type: text/plain, Size: 3079 bytes --]

Index: xtables-addons-1.20/extensions/libxt_TEE.c
===================================================================
--- xtables-addons-1.20.orig/extensions/libxt_TEE.c
+++ xtables-addons-1.20/extensions/libxt_TEE.c
@@ -51,7 +51,7 @@ static int tee_tg_parse(int c, char **ar
 	case 'g':
 		if (*flags & FLAG_GATEWAY)
 			xtables_error(PARAMETER_PROBLEM,
-			           "Cannot specify --gw more than once");
+			           "Cannot specify --gateway more than once");
 
 		ia = xtables_numeric_to_ipaddr(optarg);
 		if (ia == NULL)
@@ -76,7 +76,7 @@ static int tee_tg6_parse(int c, char **a
 	case 'g':
 		if (*flags & FLAG_GATEWAY)
 			xtables_error(PARAMETER_PROBLEM,
-			           "Cannot specify --gw more than once");
+			           "Cannot specify --gateway more than once");
 
 		ia = xtables_numeric_to_ip6addr(optarg);
 		if (ia == NULL)
Index: xtables-addons-1.20/extensions/libxt_TEE.man
===================================================================
--- xtables-addons-1.20.orig/extensions/libxt_TEE.man
+++ xtables-addons-1.20/extensions/libxt_TEE.man
@@ -3,6 +3,10 @@ machine on the \fBlocal\fP network segme
 must be the target, or you will have to configure the nexthop to forward it
 further if so desired.
 .TP
-\fB\-\-gw\fP \fIipaddr\fP
+\fB\-\-gateway\fP \fIipaddr\fP
 Send the cloned packet to the host reachable at the given IP address.
 Use of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is invalid.
+.TP
+To forward all incoming traffic on eth0 to an IP-level logging box:
+.IP
+\-t mangle -A PREROUTING -i eth0 -j TEE --gateway 2001:db8::1
Index: xtables-addons-1.20/extensions/xt_TEE.c
===================================================================
--- xtables-addons-1.20.orig/extensions/xt_TEE.c
+++ xtables-addons-1.20/extensions/xt_TEE.c
@@ -175,7 +175,7 @@ tee_tg4(struct sk_buff **pskb, const str
 	/*
 	 * Copy the skb, and route the copy. Will later return %XT_CONTINUE for
 	 * the original skb, which should continue on its way as if nothing has
-	 * happened. The copy should be independently delivered to the TEE --gw.
+	 * happened. The copy should be independently delivered to the TEE --gateway.
 	 */
 	skb = skb_copy(skb, GFP_ATOMIC);
 	if (skb == NULL) {
Index: xtables-addons-1.20/xtables-addons.8
===================================================================
--- xtables-addons-1.20.orig/xtables-addons.8
+++ xtables-addons-1.20/xtables-addons.8
@@ -48,9 +48,13 @@ machine on the \fBlocal\fP network segme
 must be the target, or you will have to configure the nexthop to forward it
 further if so desired.
 .TP
-\fB\-\-gw\fP \fIipaddr\fP
+\fB\-\-gateway\fP \fIipaddr\fP
 Send the cloned packet to the host reachable at the given IP address.
 Use of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is invalid.
+.TP
+To forward all incoming traffic on eth0 to an IP-level logging box:
+.IP
+\-t mangle -A PREROUTING -i eth0 -j TEE --gateway 2001:db8::1
 .SS RAWSNAT
 The \fBRAWSNAT\fR and \fBRAWDNAT\fP targets provide stateless network address
 translation.

[-- Attachment #2: Type: application/pgp-signature, Size: 490 bytes --]

Re: [xtables-addons] [SOLVED] "unknown option `--gw'" for target TEE

[Jan Engelhardt]

>Replying to self, funny how a night's sleep help find new approaches.
>
>On Wed, Nov 25, 2009 at 09:34:34AM +0100, Olivier Mehani wrote:
>> # ip6tables -t mangle -A PREROUTING -i eth0 -j TEE --gw PFX1:46ff:fee0:dfcc
>> ip6tables v1.4.5: unknown option `--gw'
>> Try `ip6tables -h' or 'ip6tables --help' for more information.
>> 
>> As far as my understanding of the doc goes, my command is valid, but it
>> doesn't work.
>
>In contradiction with the documentation, the proper parameter is
>actually --gateway, thus
># ip6tables -t mangle -A PREROUTING -i eth0 -j TEE --gateway PFX1:EUI64
>works like a charm.
>
>Maybe the documentation should be udpated as per the attached patch?
>It removes all occurences of --gw in the dor and error messages, and
>adds a quick example (quite similar to my scenario).

Yes fixed.