From: Nishit Shah <nsshah.82@gmail.com>
To: Patrick McHardy <kaber@trash.net>
Cc: jengelh@medozas.de, Richard Horton <arimus.uk@googlemail.com>,
netfilter-devel@vger.kernel.org, netfilter@vger.kernel.org
Subject: Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5
Date: Tue, 30 Jun 2009 13:38:40 +0530 [thread overview]
Message-ID: <b2d58cb80906300108q2ee5a060gf8013a88560d8820@mail.gmail.com> (raw)
In-Reply-To: <b2d58cb80906290918q2da5af1ap87772755b3363032@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1730 bytes --]
On Mon, Jun 29, 2009 at 9:48 PM, Nishit Shah<nsshah.82@gmail.com> wrote:
> On Mon, Jun 29, 2009 at 9:14 PM, Patrick McHardy<kaber@trash.net> wrote:
>> Nishit Shah wrote:
>>>
>>> On Mon, Jun 29, 2009 at 8:28 PM, Patrick McHardy<kaber@trash.net> wrote:
>>>>
>>>> Nishit Shah wrote:
>>>>>
>>>>> On Mon, Jun 29, 2009 at 7:51 PM, Richard
>>>>> Horton<arimus.uk@googlemail.com>
>>>>> wrote:
>>>>>>
>>>>>> 2009/6/29 Nishit Shah <nsshah.82@gmail.com>:
>>>>>>>
>>>>>>> Hi,
>>>>>>> I am compiling arptables-v0.0.3-3/arptables-v0.0.3-2 on
>>>>>>> fedora6,7,8/centos 5/redhat 5. Module is compiled successfully.
>>>>>>> Following are the simple steps.
>>>>
>>>> Which kernel versions (the lowest) are these running?
>>>>
>>>
>>> lowest is 2.6.18.
>>
>> Ah, I remember, we had some breakage with of the ARPT codes with the
>> introduction of x_tables in 2.6.16. Please try to figure out the
>> difference of those values between working and non-working state
>> (ARPT_CONTINUE, ARPT_RETURN etc.)
>>
>
> Bingo !!!
>
> It is due to the value of ARPT_RETURN. ARPT_RETURN defined in
> arptables-v0.0.3-3 is
>
> ./include/linux/netfilter_arp/arp_tables.h:#define ARPT_RETURN
> (-NF_MAX_VERDICT - 1)
>
> and value of NF_MAX_VERDICT is different on machine running with gcc
> 2.96/glibc 2.2.4 and above all machines.
>
> value of NF_MAX_VERDICT on machine running gcc 2.96 and glibc 2.2.4,
>
> /usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_REPEAT
>
> and same file on all above machines,
>
> /usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_STOP
>
> Thanks Patrick :)
>
> Rgds,
> Nishit Shah.
>
I am adding the patch for the same.
Rgds,
Nishit Shah.
[-- Attachment #2: arpt-return-fix.patch --]
[-- Type: application/octet-stream, Size: 1052 bytes --]
diff -Paur arptables-v0.0.3-3/include/arp_tables.h arptables-v0.0.3-3-tmp/include/arp_tables.h
--- arptables-v0.0.3-3/include/arp_tables.h 2007-08-19 18:34:51.000000000 +0530
+++ arptables-v0.0.3-3-tmp/include/arp_tables.h 2009-06-30 12:38:22.000000000 +0530
@@ -154,7 +154,7 @@
#define ARPT_CONTINUE 0xFFFFFFFF
/* For standard target */
-#define ARPT_RETURN (-NF_MAX_VERDICT - 1)
+#define ARPT_RETURN (-NF_REPEAT - 1)
/* The argument to ARPT_SO_GET_INFO */
struct arpt_getinfo
diff -Paur arptables-v0.0.3-3/include/linux/netfilter_arp/arp_tables.h arptables-v0.0.3-3-tmp/include/linux/netfilter_arp/arp_tables.h
--- arptables-v0.0.3-3/include/linux/netfilter_arp/arp_tables.h 2007-08-19 18:36:01.000000000 +0530
+++ arptables-v0.0.3-3-tmp/include/linux/netfilter_arp/arp_tables.h 2009-06-30 12:38:11.000000000 +0530
@@ -154,7 +154,7 @@
#define ARPT_CONTINUE 0xFFFFFFFF
/* For standard target */
-#define ARPT_RETURN (-NF_MAX_VERDICT - 1)
+#define ARPT_RETURN (-NF_REPEAT - 1)
/* The argument to ARPT_SO_GET_INFO */
struct arpt_getinfo
next prev parent reply other threads:[~2009-06-30 8:08 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-29 14:12 arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5 Nishit Shah
2009-06-29 14:21 ` Richard Horton
2009-06-29 14:51 ` Nishit Shah
2009-06-29 14:58 ` Patrick McHardy
2009-06-29 15:18 ` Nishit Shah
2009-06-29 15:44 ` Patrick McHardy
2009-06-29 16:18 ` Nishit Shah
2009-06-30 8:08 ` Nishit Shah [this message]
2009-07-01 9:56 ` Patrick McHardy
2009-07-01 11:09 ` Jan Engelhardt
2009-07-01 11:18 ` Patrick McHardy
2009-07-02 16:58 ` Bart De Schuymer
2009-07-05 12:59 ` Bart De Schuymer
2009-07-05 15:59 ` Jan Engelhardt
2009-07-06 19:54 ` Bart De Schuymer
2009-07-06 20:01 ` Jan Engelhardt
2009-07-08 6:57 ` Nishit Shah
2009-07-09 17:50 ` Bart De Schuymer
2009-06-29 18:47 ` Jan Engelhardt
-- strict thread matches above, loose matches on Subject: below --
2009-07-01 11:02 bdschuym@pandora.be
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b2d58cb80906300108q2ee5a060gf8013a88560d8820@mail.gmail.com \
--to=nsshah.82@gmail.com \
--cc=arimus.uk@googlemail.com \
--cc=jengelh@medozas.de \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).