(unknown),

(unknown),

[David Boulding]

Hey all,

I'm developing with libnetfilter_queue, using "iptables -A FORWARD ." to
capture packets of interest on a bridge for analysis (firewall). 
I use nfq_get_payload() to grab everything from the IP layer and on, but I
was wondering if there was any way to get the raw MAC layer. 
Is there any command like nfq_get_payload() that will return everything
similar to what you would get using wireshark or ethereal?

Thanks,

Dave

Re: your mail

[Eric Leblond]

Hello,

On Saturday, 2008 July 26 at 21:11:08 -0400, David Boulding wrote:
> Hey all,
> 
> I'm developing with libnetfilter_queue, using "iptables -A FORWARD ." to
> capture packets of interest on a bridge for analysis (firewall). 
> I use nfq_get_payload() to grab everything from the IP layer and on, but I
> was wondering if there was any way to get the raw MAC layer. 
> Is there any command like nfq_get_payload() that will return everything
> similar to what you would get using wireshark or ethereal?

You can use nfq_get_packet_hw():

	Retrieves the hardware address associated with the given queued packet.
	For ethernet packets, the hardware address returned (if any) will be the
	MAC address of the packet source host.  The destination MAC address is not
	known until after POSTROUTING and a successful ARP request, so cannot
	currently be retrieved.

	The nfqnl_msg_packet_hw structure is defined in "libnetfilter_queue/libnetfilter_queue.h" as:

		struct nfqnl_msg_packet_hw {
			u_int16_t	hw_addrlen;
			u_int16_t	_pad;
			u_int8_t	hw_addr[8];
		} __attribute__ ((packed));
.

http://lists.netfilter.org/pipermail/netfilter-devel/2006-February/023286.html

BR,
-- 
Eric Leblond
INL: http://www.inl.fr/
NuFW: http://www.nufw.org/

Re: your mail

[David Boulding]

Thanks for the reply.
I knew of nfq_get_packet_hw(), but I'm looking for a way to get the
raw byte array of the header that I get from the nfq_get_payload()
call. I'm not only looking for the MAC header information (which
nfq_get_packet_hw() will give me easy enough), but whatever else is
there, for example PPPoE and PPP header information. Is there anyway
to get that?

Thanks,

Dave

On Mon, Jul 28, 2008 at 10:14 AM, Eric Leblond <eric@inl.fr> wrote:
>
> Hello,
>
> On Saturday, 2008 July 26 at 21:11:08 -0400, David Boulding wrote:
> > Hey all,
> >
> > I'm developing with libnetfilter_queue, using "iptables -A FORWARD ." to
> > capture packets of interest on a bridge for analysis (firewall).
> > I use nfq_get_payload() to grab everything from the IP layer and on, but I
> > was wondering if there was any way to get the raw MAC layer.
> > Is there any command like nfq_get_payload() that will return everything
> > similar to what you would get using wireshark or ethereal?
>
> You can use nfq_get_packet_hw():
>
>        Retrieves the hardware address associated with the given queued packet.
>        For ethernet packets, the hardware address returned (if any) will be the
>        MAC address of the packet source host.  The destination MAC address is not
>        known until after POSTROUTING and a successful ARP request, so cannot
>        currently be retrieved.
>
>        The nfqnl_msg_packet_hw structure is defined in "libnetfilter_queue/libnetfilter_queue.h" as:
>
>                struct nfqnl_msg_packet_hw {
>                        u_int16_t       hw_addrlen;
>                        u_int16_t       _pad;
>                        u_int8_t        hw_addr[8];
>                } __attribute__ ((packed));
> .
>
> http://lists.netfilter.org/pipermail/netfilter-devel/2006-February/023286.html
>
> BR,
> --
> Eric Leblond
> INL: http://www.inl.fr/
> NuFW: http://www.nufw.org/

Re: your mail

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 727 bytes --]

Hello,

On Monday, 2008 July 28 at 10:21:43 -0400, David Boulding wrote:
> Thanks for the reply.
> I knew of nfq_get_packet_hw(), but I'm looking for a way to get the raw byte
> > >
> > > I'm developing with libnetfilter_queue, using "iptables -A FORWARD ." to
> > > capture packets of interest on a bridge for analysis (firewall).

As you said "analysis", you may only want to "sniff" packet. In that case,
you can use NFLOG (latest git) or ULOG.

NFQUEUE moudle uses the dev_parse_header() function which only return the
source hardware address. You will not be able to retrieve the wanted
information without patching the kernel.

BR,
-- 
Eric Leblond
INL: http://www.inl.fr/
NuFW: http://www.nufw.org/

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 197 bytes --]

Re: your mail

[David Boulding]

I've never heard of NFLOG or ULOG, is there any documentation under
netfilter on how to use it? How would I get the data that I want (to
sniff) using NFLOG/ULOG?

Dave

On Mon, Jul 28, 2008 at 10:43 AM, Eric Leblond <eric@inl.fr> wrote:
> Hello,
>
> On Monday, 2008 July 28 at 10:21:43 -0400, David Boulding wrote:
>> Thanks for the reply.
>> I knew of nfq_get_packet_hw(), but I'm looking for a way to get the raw byte
>> > >
>> > > I'm developing with libnetfilter_queue, using "iptables -A FORWARD ." to
>> > > capture packets of interest on a bridge for analysis (firewall).
>
> As you said "analysis", you may only want to "sniff" packet. In that case,
> you can use NFLOG (latest git) or ULOG.
>
> NFQUEUE moudle uses the dev_parse_header() function which only return the
> source hardware address. You will not be able to retrieve the wanted
> information without patching the kernel.
>
> BR,
> --
> Eric Leblond
> INL: http://www.inl.fr/
> NuFW: http://www.nufw.org/
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAkiN2x0ACgkQnxA7CdMWjzJSmQCdHBt2ro5Tx7m5GbWhl7uGZz7l
> 5H8Anjc9CaBwO/tOVaywfm+WwzeeBayE
> =felb
> -----END PGP SIGNATURE-----
>
>

Re: your mail

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 1227 bytes --]

Hello,

On Monday, 2008 July 28 at 11:33:24 -0400, David Boulding wrote:
> I've never heard of NFLOG or ULOG, is there any documentation under
> netfilter on how to use it? How would I get the data that I want (to
> sniff) using NFLOG/ULOG?

For ULOG, you can have a look at ulogd or ulogd2 code.
	http://git.netfilter.org/cgi-bin/gitweb.cgi?p=ulogd2.git;a=blob;f=input/packet/ulogd_inppkt_ULOG.c;h=c00d9bf8a965be7f961738892e19191efcf8f691;hb=0b789ea9bf810497845456e9b83bff8c5ae5ca23
By the way, as ulogd2 uses a plugin mechanism, you may be able to build
what you want by coding an ulogd2 plugin. It can provide you a way to
code something independant from low level (NFLOG or ULOG can be used as
input without changing your plugin).

A mini doc about ulogd2 hacking is available here:
	http://home.regit.org/?page_id=90

For NFLOG, you need to use latest git for kernel and libnetfilter_log.

The following functions are available:

- nflog_get_hwtype: to fetch hardware type (and thus give the parser to
  use)
- nflog_get_msg_packet_hwhdrlen: to get hardware header len
- nflog_get_msg_packet_hwhdr: get hardware datas

BR,
-- 
Eric Leblond
INL: http://www.inl.fr/
NuFW: http://www.nufw.org/

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: your mail

[David Boulding]

Thanks for the help!

Dave

On Tue, Jul 29, 2008 at 3:11 AM, Eric Leblond <eric@inl.fr> wrote:
> Hello,
>
> On Monday, 2008 July 28 at 11:33:24 -0400, David Boulding wrote:
>> I've never heard of NFLOG or ULOG, is there any documentation under
>> netfilter on how to use it? How would I get the data that I want (to
>> sniff) using NFLOG/ULOG?
>
> For ULOG, you can have a look at ulogd or ulogd2 code.
>        http://git.netfilter.org/cgi-bin/gitweb.cgi?p=ulogd2.git;a=blob;f=input/packet/ulogd_inppkt_ULOG.c;h=c00d9bf8a965be7f961738892e19191efcf8f691;hb=0b789ea9bf810497845456e9b83bff8c5ae5ca23
> By the way, as ulogd2 uses a plugin mechanism, you may be able to build
> what you want by coding an ulogd2 plugin. It can provide you a way to
> code something independant from low level (NFLOG or ULOG can be used as
> input without changing your plugin).
>
> A mini doc about ulogd2 hacking is available here:
>        http://home.regit.org/?page_id=90
>
> For NFLOG, you need to use latest git for kernel and libnetfilter_log.
>
> The following functions are available:
>
> - nflog_get_hwtype: to fetch hardware type (and thus give the parser to
>  use)
> - nflog_get_msg_packet_hwhdrlen: to get hardware header len
> - nflog_get_msg_packet_hwhdr: get hardware datas
>
> BR,
> --
> Eric Leblond
> INL: http://www.inl.fr/
> NuFW: http://www.nufw.org/
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFIjsKinxA7CdMWjzIRAofmAJ9mi4P5SRkPugu8wADwtmB2LlHmigCfWjNn
> E77TPzKV3LStdfYgpFCobVA=
> =ruvK
> -----END PGP SIGNATURE-----
>
>

(unknown),

[Chris]

All,

I'm using 4.4.0-89-generic #112-Ubuntu Kernel.

I've setup a bridge

bridge name        bridge id                STP enabled        interfaces
br0                8000.00322e111b2        no                enp3s0
                                                        vnet0

Why is it possible to DROP packages from a KVM guest on the host INPUT
chain, but not to LOG them?

I've not loaded any bridge-nf modules. bridge/nf_call_iptables is 0.

- Chris

(unknown)

[Tarak Ranjan]

free trial
http://strongerbetterandbigger.ru/trial2/

(unknown),

[Jorge Bastos - Decimal]

help

(unknown),

[Martin Spinassi]

subscribe netfilter

(unknown),

[Jianqing Zhang]

I use iptables to filter incoming packets with some particular
protocols, such as ICMP, and the target is QUEUE.

=============================

Chain INPUT (policy ACCEPT)
target prot opt source destination
QUEUE icmp -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

============================

How can I check the packets are filtered and put in the QUEUE?

Thanks

(unknown)

[Sebastian Seemann]

Hi,

I would like to DROP all connections from IPs originating in a specified country. Of course, the geoip extension is a perfect fit for that. My question is what happens if I do this:

iptables -P INPUT DROP
iptables -A INPUT -m geoip ! --src-cc [country] -j ACCEPT

What happens if an IP is not found in the geoip-database, so it has no country-code at all? Is it accepted or not?
I would suppose it is accepted and, since I wanna be sure, would be thankful for a workaround simpler than adding every country in the world but the forbidden one.

Best Regards,
Sebastian
-- 
Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger

(unknown)

[Alberto Díez]

hi!
 
 I am trying to make use of a large number of rules
 with iptables. 
 
 I have seen there are some optimizations referenced
 like nf-HiPAC (www.hipac.org) , iptables with
 classifiers (www.geocities.com/hamidreza_jm) which
 appearently can deal with thousands of rules (thats
 what i need).
 
 I want per flow (orig addr,dst addr, orig port, dst
 port, proto) filtering thats why i don´t think i can
 use ipsets (or can i?)
 I also would like to have the nice iptables features
 like  mangle table and counters ..
 
 I dont really understand what the conntrack does, or
 if it can somehow helpme (where is the nice
 documentation about this??)
 
 What is the netfilter preferred way to have a large
 set of rules and still do packet filtering?  are
 HiPAC, iptables with classifiers or any other
 solution
 actual?
 
 is there a howto,manual,some kind of
 documentation, all that I find about this are quite
 old (3 years?) material in the mailing list ... Is
 this problem already solved? what was the solution
 taken?
 
 
 well if you could answer any of this questions i
 would
 be very thankful
 
 Alberto Diez
 
 
      


      ______________________________________________ 
Enviado desde Correo Yahoo!
Disfruta de una bandeja de entrada más inteligente. http://es.docs.yahoo.com/mail/overview/index.html

(unknown),

[Videal ,)]

 unsubscribe netfilter

(unknown),

[Bikash Bhattarai]

(unknown),

[Joe Ruddy]

Hello,

We are moving to a Co-Location center and will need to forward all traffic
for all our IP to our new IP addresses.

As an example our block is 12.24.15.0/24

Our new block will be 54.64.18.0/24

If we have a webserver at 12.24.15.24 I would like all requests to
12.24.15.24 to be forwarded to 54.64.18.24 where the new machine will be
located.
If we have a mailserver at 12.24.15.19 I would like all requests to
12.24.15.19 to be forwarded to 54.64.18.19 where the new machine will be
located.

I add one rule ..."iptables -t nat -A PREROUTING -d 12.24.15.24 -j DNAT --to
54.64.18.24"

If I try to ssh or go to the website hosted there I get nothing.  I can see
that the requests arrive at 54.64.18.24 by looking at the logs.

Any ideas?

Thanks

Joe

Joe Ruddy
Director of Technology
Novapointe LLC
909-930-3062 x2738
jruddy@novapointe.com 

(unknown)

[Ryan Rodriguez]

Mon Dec 10 17:53:00 CST 2007 0.56

(unknown),

[李伟华]

when i was patched kernel 2.6.23.1 and iptables-1.3.8 with last path-o-matic's patchlet connlimit and run compile iptables by  "make KERNEL_DIR=../linux-2.6.23.1/  " , there some error appear :


Extensions found: IPv4:CLUSTERIP IPv4:NFLOG IPv4:condition IPv4:connbytes IPv4:connlimit IPv4:dccp IPv4:ipp2p IPv4:layer7 IPv4:quota IPv4:recent IPv4:statistic IPv4:string IPv6:NFLOG IPv6:REJECT IPv6:ah IPv6:esp IPv6:frag IPv6:hashlimit IPv6:ipv6header IPv6:mh IPv6:rt IPv6:sctp
cc -O2 -Wall -Wunused -I../linux-2.6.23.1//include -Iinclude/ -DIPTABLES_VERSION=\"1.3.8\"  -fPIC -o extensions/libipt_connlimit_sh.o -c extensions/libipt_connlimit.c
In file included from ../linux-2.6.23.1/include/asm/bitops.h:9,
                 from ../linux-2.6.23.1/include/linux/bitops.h:9,
                 from /usr/include/linux/netfilter_ipv4/ip_conntrack.h:9,
                 from extensions/libipt_connlimit.c:9:
../linux-2.6.23.1/include/asm/alternative.h:9: error: syntax error before "u8"
../linux-2.6.23.1/include/asm/alternative.h:11: error: syntax error before "cpuid"
../linux-2.6.23.1/include/asm/alternative.h:12: error: syntax error before "instrlen"
../linux-2.6.23.1/include/asm/alternative.h:13: error: syntax error before "replacementlen"
../linux-2.6.23.1/include/asm/alternative.h:14: error: syntax error before "pad"
In file included from ../linux-2.6.23.1/include/linux/bitops.h:9,
                 from /usr/include/linux/netfilter_ipv4/ip_conntrack.h:9,
                 from extensions/libipt_connlimit.c:9:
../linux-2.6.23.1/include/asm/bitops.h:244: error: syntax error before "int"
In file included from ../linux-2.6.23.1/include/linux/cpumask.h:86,
                 from ../linux-2.6.23.1/include/asm/processor.h:22,
                 from ../linux-2.6.23.1/include/asm/atomic.h:5,
                 from /usr/include/linux/netfilter_ipv4/ip_conntrack.h:11,
                 from extensions/libipt_connlimit.c:9:
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_zero':
../linux-2.6.23.1/include/linux/bitmap.h:134: error: `BITS_PER_LONG' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/bitmap.h:134: error: (Each undeclared identifier is reported only once
../linux-2.6.23.1/include/linux/bitmap.h:134: error: for each function it appears in.)
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_fill':
../linux-2.6.23.1/include/linux/bitmap.h:149: error: `BITS_PER_LONG' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_copy':
../linux-2.6.23.1/include/linux/bitmap.h:155: error: `BITS_PER_LONG' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_and':
../linux-2.6.23.1/include/linux/bitmap.h:166: error: `BITS_PER_LONG' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_or':
../linux-2.6.23.1/include/linux/bitmap.h:175: error: `BITS_PER_LONG' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_xor':
../linux-2.6.23.1/include/linux/bitmap.h:184: error: `BITS_PER_LONG' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_andnot':
../linux-2.6.23.1/include/linux/bitmap.h:193: error: `BITS_PER_LONG' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_complement':
../linux-2.6.23.1/include/linux/bitmap.h:202: error: `BITS_PER_LONG' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_equal':
../linux-2.6.23.1/include/linux/bitmap.h:211: error: `BITS_PER_LONG' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_intersects':
../linux-2.6.23.1/include/linux/bitmap.h:220: error: `BITS_PER_LONG' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_subset':
../linux-2.6.23.1/include/linux/bitmap.h:229: error: `BITS_PER_LONG' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_empty':
../linux-2.6.23.1/include/linux/bitmap.h:237: error: `BITS_PER_LONG' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_full':
../linux-2.6.23.1/include/linux/bitmap.h:245: error: `BITS_PER_LONG' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_weight':
../linux-2.6.23.1/include/linux/bitmap.h:253: error: `BITS_PER_LONG' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_shift_right':
../linux-2.6.23.1/include/linux/bitmap.h:261: error: `BITS_PER_LONG' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/bitmap.h: In function `bitmap_shift_left':
../linux-2.6.23.1/include/linux/bitmap.h:270: error: `BITS_PER_LONG' undeclared (first use in this function)
In file included from ../linux-2.6.23.1/include/asm/processor.h:22,
                 from ../linux-2.6.23.1/include/asm/atomic.h:5,
                 from /usr/include/linux/netfilter_ipv4/ip_conntrack.h:11,
                 from extensions/libipt_connlimit.c:9:
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:88: error: syntax error before "DECLARE_BITMAP"
../linux-2.6.23.1/include/linux/cpumask.h:89: error: syntax error before "_unused_cpumask_arg_"
../linux-2.6.23.1/include/linux/cpumask.h:92: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpu_set':
../linux-2.6.23.1/include/linux/cpumask.h:94: error: `cpu' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:94: error: `dstp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:98: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpu_clear':
../linux-2.6.23.1/include/linux/cpumask.h:100: error: `cpu' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:100: error: `dstp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:104: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_setall':
../linux-2.6.23.1/include/linux/cpumask.h:106: error: `dstp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:106: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:110: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_clear':
../linux-2.6.23.1/include/linux/cpumask.h:112: error: `dstp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:112: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:119: error: syntax error before "cpumask_t"
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpu_test_and_set':
../linux-2.6.23.1/include/linux/cpumask.h:121: error: `cpu' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:121: error: `addr' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:125: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_and':
../linux-2.6.23.1/include/linux/cpumask.h:128: error: `dstp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:128: error: `src1p' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:128: error: `src2p' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:128: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:132: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_or':
../linux-2.6.23.1/include/linux/cpumask.h:135: error: `dstp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:135: error: `src1p' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:135: error: `src2p' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:135: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:139: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_xor':
../linux-2.6.23.1/include/linux/cpumask.h:142: error: `dstp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:142: error: `src1p' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:142: error: `src2p' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:142: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:147: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_andnot':
../linux-2.6.23.1/include/linux/cpumask.h:150: error: `dstp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:150: error: `src1p' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:150: error: `src2p' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:150: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:154: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_complement':
../linux-2.6.23.1/include/linux/cpumask.h:157: error: `dstp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:157: error: `srcp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:157: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:161: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_equal':
../linux-2.6.23.1/include/linux/cpumask.h:164: error: `src1p' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:164: error: `src2p' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:164: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:168: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_intersects':
../linux-2.6.23.1/include/linux/cpumask.h:171: error: `src1p' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:171: error: `src2p' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:171: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:175: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_subset':
../linux-2.6.23.1/include/linux/cpumask.h:178: error: `src1p' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:178: error: `src2p' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:178: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:182: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_empty':
../linux-2.6.23.1/include/linux/cpumask.h:184: error: `srcp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:184: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:188: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_full':
../linux-2.6.23.1/include/linux/cpumask.h:190: error: `srcp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:190: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:194: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_weight':
../linux-2.6.23.1/include/linux/cpumask.h:196: error: `srcp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:196: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:201: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_shift_right':
../linux-2.6.23.1/include/linux/cpumask.h:204: error: `dstp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:204: error: `srcp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:204: error: `n' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:204: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:209: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_shift_left':
../linux-2.6.23.1/include/linux/cpumask.h:212: error: `dstp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:212: error: `srcp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:212: error: `n' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:212: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:216: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h:218: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h:271: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpumask_scnprintf':
../linux-2.6.23.1/include/linux/cpumask.h:273: error: `buf' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:273: error: `len' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:273: error: `srcp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:273: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:279: error: syntax error before "cpumask_t"
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpumask_parse_user':
../linux-2.6.23.1/include/linux/cpumask.h:281: error: `buf' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:281: error: `len' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:281: error: `dstp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:281: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:287: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpulist_scnprintf':
../linux-2.6.23.1/include/linux/cpumask.h:289: error: `buf' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:289: error: `len' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:289: error: `srcp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:289: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:293: error: syntax error before "cpumask_t"
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpulist_parse':
../linux-2.6.23.1/include/linux/cpumask.h:295: error: `buf' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:295: error: `dstp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:295: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:301: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpu_remap':
../linux-2.6.23.1/include/linux/cpumask.h:303: error: `oldbit' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:303: error: `oldp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:303: error: `newp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:303: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:308: error: syntax error before '*' token
../linux-2.6.23.1/include/linux/cpumask.h: In function `__cpus_remap':
../linux-2.6.23.1/include/linux/cpumask.h:311: error: `dstp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:311: error: `srcp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:311: error: `oldp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:311: error: `newp' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h:311: error: `nbits' undeclared (first use in this function)
../linux-2.6.23.1/include/linux/cpumask.h: At top level:
../linux-2.6.23.1/include/linux/cpumask.h:380: error: syntax error before "cpu_possible_map"
../linux-2.6.23.1/include/linux/cpumask.h:381: error: syntax error before "cpu_online_map"
../linux-2.6.23.1/include/linux/cpumask.h:382: error: syntax error before "cpu_present_map"
../linux-2.6.23.1/include/linux/cpumask.h:403: error: syntax error before '*' token
In file included from ../linux-2.6.23.1/include/asm/atomic.h:5,
                 from /usr/include/linux/netfilter_ipv4/ip_conntrack.h:11,
                 from extensions/libipt_connlimit.c:9:
../linux-2.6.23.1/include/asm/processor.h:73: error: syntax error before "cpumask_t"
../linux-2.6.23.1/include/asm/processor.h:83: error: syntax error before '}' token
../linux-2.6.23.1/include/asm/processor.h:599: error: `cpuid' redeclared as different kind of symbol
../linux-2.6.23.1/include/asm/alternative.h:11: error: previous declaration of `cpuid'
make: *** [extensions/libipt_connlimit_sh.o] Error 1

_________________________________________________________________
手机也能上 MSN 聊天了，快来试试吧！
http://mobile.msn.com.cn/

(unknown),

[David Boulding]

unsubscribe netfilter

(unknown)

["Mario Hülsegge"]

hi,

i am trying to set up routing of all outgoing http-requests on my 
workstation through my openvpn gateway (tun0). the web told me to do it:

iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 4
ip rule add fwmark 4 lookup 3
ip route add default dev tun0 table 3


the problem is that it does not work. tcpdump gives me:

00:28:00.461045 IP (tos 0x0, ttl  64, id 28447, offset 0, flags [DF], 
proto: UDP (17), length: 71) 192.168.0.125.1049 > vroot.domain: [udp sum 
ok]  62654+ PTR? 67.11.71.195.in-addr.arpa. (43)
00:28:00.515190 IP (tos 0x0, ttl  56, id 0, offset 0, flags [DF], proto: 
UDP (17), length: 127) vroot.domain > 192.168.0.125.1049:  62654 NXDomain 
q: PTR? 67.11.71.195.in-addr.arpa. 0/1/0 ns: 71.195.in-addr.arpa. (99)
00:28:01.459744 arp who-has 195.71.11.67 tell 192.168.0.125
00:28:02.459844 arp who-has 195.71.11.67 tell 192.168.0.125


the arp-requests dont seem to be right, any suggestions?

Mario
-- 
Psssst! Schon vom neuen GMX MultiMessenger gehört?
Der kanns mit allen: http://www.gmx.net/de/go/multimessenger