New iptables 1.4.0 has some library names changed from libipt to libxt.
It is prefferable also to open libxt_ first, as newer "style".
Signed-off-by: Denys Fedoryshchenko <nuclearcat@nuclearcat.com>
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
This one also makes sense for the release I guess.
-------- Original Message --------
Subject: Re: more iproute2 issues (not critical)
Date: Sat, 31 Mar 2007 16:16:56 +0200
From: Patrick McHardy <kaber@trash.net>
To: Denys <denys@visp.net.lb>
CC: Stephen Hemminger <shemminger@linux-foundation.org>,
netdev@vger.kernel.org
References: <20070321175951.M73913@visp.net.lb>
<46026717.9060909@trash.net> <20070322124533.M79867@visp.net.lb>
<46027FF2.6020001@trash.net> <20070322101224.3e6bb899@freekitty>
<20070331021401.M17326@visp.net.lb> <20070331023011.M8101@visp.net.lb>
Denys wrote:
> Ooops, sorry, it seems my fault, no library exist on this system.
> But i guess it must not coredump in this case? Is it possible to check if
> library not exist and just print some nice message?
> It is trivial i guess.
The problem is that lib_dir is NULL when calling get_target_names.
This patch fixes it.
[IPROUTE]: m_ipt: fix crash when dumping rules
lib_dir is NULL when calling get_target_name, causing a NULL pointer
dereference in the strlen call.
Signed-off-by: Patrick McHardy <kaber@trash.net>
> It is in current git tree.
A small fix attached after some testing.
Please dont forget to apply my other patches. When you have them let me
know so i can do some more testing.
cheers,
jamal
[TC] Get iptables path selection to set correct path
A small tweak on top of Stephens patch
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
if a file fails to compile in a subdir of iproute2 fails (say "tunnel.c" in
the "ip" dir), the top level makefile does not abort:
all: Config
@for i in $(SUBDIRS); \
do $(MAKE) $(MFLAGS) -C $$i; done
the attached patch inserts a 'set -e' so that if the $(MAKE) fails, the all
target fails as well
-mike
Hi jamal,
I found some spare time to play around a bit more with you ipt action stuff.
I've tested the patch attached with the testcase here below. It works
fine here. It fixes broken target option checkings (final_check) and a
leak in the merge_options function. I've killed copy_options since I
didn't find any reason why we need it.
--- test.sh ---
tc qdisc del dev wlan0 ingress
tc qdisc add dev wlan0 ingress
tc filter add dev wlan0 parent ffff: protocol ip prio 6 u32 \
match ip src 192.168.0.2/32 flowid 1:16 \
action ipt -j TOS --set-tos Maximize-Reliability
sleep 3
tc -s filter ls dev wlan0 parent ffff:
--- end of test.sh ---
Results:
tablename: mangle hook: NF_IP_PRE_ROUTING
target: TOS set Maximize-Reliability index 0
filter protocol ip pref 6 u32
filter protocol ip pref 6 u32 fh 800: ht divisor 1
filter protocol ip pref 6 u32 fh 800::800 order 2048 key ht 800 bkt 0
flowid 1:16
match c0a80002/ffffffff at 12
action order 1: tablename: mangle hook: NF_IP_PRE_ROUTING
target TOS set Maximize-Reliability
index 18 ref 1 bind 1 installed 3 sec used 0 sec
Action statistics:
Sent 725 bytes 7 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Now, check if options passed to the target are correct.
# tc filter add dev wlan0 parent ffff: protocol ip prio 6 u32 \
match ip dst 192.168.0.2/32 flowid 1:16 \
action ipt -j TOS --set-tos
^^^
missing parameter
ipt: option `--set-tos' requires an argument
tc-ipt v0.1: TOS target: Parameter --set-tos is required
Try `tc-ipt -h' or 'tc-ipt --help' for more information.
btw, how's your schedule ? did you finally get spare time to come to the
netfilter workshop in seville ?
bye,
Pablo
Denys Fedoryshchenko
Stephen Hemminger
Patrick McHardy
jamal
Mike Frysinger
Stephen Hemminger
shemminger
net[shemminger]!shemminger
osdl.net!shemminger
2!tgraf