From: Nishit Shah <nsshah.82@gmail.com>
To: Richard Horton <arimus.uk@googlemail.com>
Cc: netfilter-devel@vger.kernel.org, netfilter@vger.kernel.org
Subject: Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5
Date: Mon, 29 Jun 2009 20:21:48 +0530 [thread overview]
Message-ID: <b2d58cb80906290751j7fb3976bx9d04fed852c8b451@mail.gmail.com> (raw)
In-Reply-To: <56378e320906290721i63f969edm90aed19619decf71@mail.gmail.com>
On Mon, Jun 29, 2009 at 7:51 PM, Richard Horton<arimus.uk@googlemail.com> wrote:
> 2009/6/29 Nishit Shah <nsshah.82@gmail.com>:
>> Hi,
>> I am compiling arptables-v0.0.3-3/arptables-v0.0.3-2 on
>> fedora6,7,8/centos 5/redhat 5. Module is compiled successfully.
>> Following are the simple steps.
>>
>> make
>> make install
>>
>> Now, I am applying following rules,
>>
>> arptables -N user1
>> arptables -N user2
>> arptables -N user3
>>
>> arptables -A INPUT -j user1
>> arptables -A INPUT -j user2
>> arptables -A INPUT -j user3
>>
>> when I am doing arptables -nvx -L, I am getting packet counts
>> on only "arptables -A INPUT -j user1", no packet counts on user2 and
>> user3 chains. If I remove the user1 chain, I am getting packet counts
>> on user2 chain, not on user3 chain. It means only the first user
>> defined chain is traversing.
>>
>> all above machine contains gcc >= 4.1.2 and glibc >= 2.5
>>
>> If i compile the same source with machine having gcc 2.96 and
>> glibc 2.2.4 things are working properly on the above machines.
>> Is it something related to gcc and/or glibc ? as I am not
>> seeing any issues with kernel space arptables code.
>>
>> Rgds,
>> Nishit Shah.
>
>
> I might be missing something obvious but all three rules are identical
> so traffic is going to hit the first rule and go down to user1 chain.
>
>
> Your user chains don't have any actions associated so looks to me like
> it enter the chain, nothing will happen - including not returning to
> the input chain so the other rules aren't being hit.
> --
> Richard Horton
> Users are like a virus: Each causing a thousand tiny crises until the
> host finally dies.
> http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
> http://www.pbase.com/arimus - My online photogallery
>
If user chain doesn't have any actions associated, action is
ARPT_CONTINUE. So, the packet will traverse the next rule in INPUT
(that is arptables -A -j user2) and so on. (That is the behavior I am
getting when compiled with gcc 2.96 and glibc 2.2.4)
Rgds,
Nishit Shah.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2009-06-29 14:51 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-29 14:12 arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5 Nishit Shah
2009-06-29 14:21 ` Richard Horton
2009-06-29 14:51 ` Nishit Shah [this message]
2009-06-29 14:58 ` Patrick McHardy
2009-06-29 15:18 ` Nishit Shah
2009-06-29 15:44 ` Patrick McHardy
2009-06-29 16:18 ` Nishit Shah
2009-06-30 8:08 ` Nishit Shah
2009-07-01 9:56 ` Patrick McHardy
2009-07-01 11:09 ` Jan Engelhardt
2009-07-01 11:18 ` Patrick McHardy
2009-07-02 16:58 ` Bart De Schuymer
2009-07-05 12:59 ` Bart De Schuymer
2009-07-05 15:59 ` Jan Engelhardt
2009-07-06 19:54 ` Bart De Schuymer
2009-07-06 20:01 ` Jan Engelhardt
2009-07-08 6:57 ` Nishit Shah
2009-07-09 17:50 ` Bart De Schuymer
2009-06-29 18:47 ` Jan Engelhardt
-- strict thread matches above, loose matches on Subject: below --
2009-07-01 11:02 bdschuym@pandora.be
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b2d58cb80906290751j7fb3976bx9d04fed852c8b451@mail.gmail.com \
--to=nsshah.82@gmail.com \
--cc=arimus.uk@googlemail.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).