tags 559022 - moreinfo
thanks
Hello Igor!
Thanks for the additional information. Yes, it seems the xtables extension
(the new iptables api) is still broken. Because the configuration tests
for xtables are also broken, iproute falls back on building the
old non-working iptables module for tc instead of the xtables module.
Could you please test the attached patch?
cd /tmp
git clone git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
wget http://fatal.se/tmp/iproute-xtables-1.4.5-rev2.diff
cd iproute2
patch -p1 ../iproute-xtables-1.4.5-rev2.diff
make
./tc/tc
On Wed, Dec 02, 2009 at 10:51:19AM +0300, Igor Bogomazov wrote:
My actions:
tc filter add dev lo parent : protocol ip prio 10 u32 match u32 0 0
flowid 1:1 action ipt -j MARK --set-mark 1 action mirred egress
redirect eth2
I'm not using this myself and don't have detailed knowledge in this area.
I couldn't get the above command to work, instead I tested with this:
sudo iptables -N mark
sudo ./tc/tc qdisc add dev lo ingress
sudo ./tc/tc filter add dev lo parent : protocol ip prio 10 u32 \
match ip src 127.1.1.1/32 \
action ipt -j MARK --set-mark 1
sudo ./tc/tc filter show parent : dev lo
sudo ./tc/tc qdisc del dev lo ingress
Your feedback would be appreciated!
PS. I've notified Jamal (of net...@vger.kernel.org fame)
who has been working on this before about the issue.
Hopefully we'll be able to get it solved soon. Sooner if you help. ;)
--
Andreas Henriksson
diff --git a/Makefile b/Makefile
index 6096a99..f8256fb 100644
--- a/Makefile
+++ b/Makefile
@@ -22,7 +22,7 @@ ADDLIB+=ipx_ntop.o ipx_pton.o
CC = gcc
HOSTCC = gcc
-CCOPTS = -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall
+CCOPTS = -D_GNU_SOURCE -O0 -g -Wstrict-prototypes -Wall
CFLAGS = $(CCOPTS) -I../include $(DEFINES)
YACCFLAGS = -d -t -v
diff --git a/configure b/configure
index df40370..fe31391 100755
--- a/configure
+++ b/configure
@@ -3,12 +3,16 @@
#
INCLUDE=${1:-$PWD/include}
+TEST_DIR=$(mktemp -d iproute.XX)
+
+echo $TEST_DIR
+
echo # Generated config based on $INCLUDE Config
echo TC schedulers
echo -n ATM
-cat /tmp/atmtest.c EOF
+cat $TEST_DIR/atm.c EOF
#include atm.h
int main(int argc, char **argv) {
struct atm_qos qos;
@@ -16,7 +20,7 @@ int main(int argc, char **argv) {
return 0;
}
EOF
-gcc -I$INCLUDE -o /tmp/atmtest /tmp/atmtest.c -latm /dev/null 21
+gcc -I$INCLUDE -o $TEST_DIR/atm $TEST_DIR/atm.c -latm /dev/null 21
if [ $? -eq 0 ]
then
echo TC_CONFIG_ATM:=y Config
@@ -24,71 +28,41 @@ then
else
echo no
fi
-rm -f /tmp/atmtest.c /tmp/atmtest
+rm -f $TEST_DIR/atm $TEST_DIR/atm.c
echo -n IPT
-#check if we need dont our internal header ..
-cat /tmp/ipttest.c EOF
+#check if xtables is available.
+cat $TEST_DIR/xt.c EOF
#include xtables.h
+#include linux/netfilter.h
char *lib_dir;
-unsigned int global_option_offset = 0;
-const char *program_version = XTABLES_VERSION;
-const char *program_name = tc-ipt;
-struct afinfo afinfo = {
- .libprefix = libxt_,
+static struct xtables_globals xtparams = {
+ .option_offset = 0,
+ .program_name = tc-ipt,
+ .program_version = XTABLES_VERSION,
+ .orig_opts = NULL,
+ .opts = NULL,
+ .exit_err = NULL,
};
-void exit_error(enum exittype status, const char *msg, ...)
+int main(int argc, char **argv)
{
-}
-
-int main(int argc, char **argv) {
+ xtables_init_all(xtparams, NFPROTO_IPV4);
return 0;
}
EOF
-gcc -I$INCLUDE $IPTC -o /tmp/ipttest /tmp/ipttest.c $IPTL -ldl /dev/null 21
+gcc -I$INCLUDE $IPTC -o $TEST_DIR/xt $TEST_DIR/xt.c $IPTL -ldl -lxtables /dev/null 21
if [ $? -eq 0 ]
then
echo TC_CONFIG_XT:=y Config
- echo using xtables seems no need for internal.h
+ echo using xtables instead of iptables
else
- echo failed test 2
+ echo using iptables
fi
-#check if we need our own internal.h
-cat /tmp/ipttest.c EOF
-#include xtables.h
-#include xt-internal.h
-char *lib_dir;
-unsigned int global_option_offset = 0;
-const char *program_version = XTABLES_VERSION;
-const char *program_name = tc-ipt;
-struct afinfo afinfo = {
- .libprefix = libxt_,
-};
-
-void exit_error(enum exittype status, const char *msg, ...)
-{
-}
-
-int main(int argc, char **argv) {
-
- return 0;
-}
-
-EOF
-gcc -I$INCLUDE $IPTC -o /tmp/ipttest /tmp/ipttest.c $IPTL -ldl /dev/null 21
-
-if [ $? -eq 0 ]
-then
- echo using xtables instead of iptables (need for internal.h)
- echo TC_CONFIG_XT_H:=y Config
-
-else
- echo failed test 3 using iptables
-fi
-rm -f /tmp/ipttest.c /tmp/ipttest
+rm -f $TEST_DIR/xt $TEST_DIR/xt.c
+rmdir $TEST_DIR
diff --git a/tc/Makefile b/tc/Makefile
index 227fc40..93b47bf 100644
--- a/tc/Makefile
+++ b/tc/Makefile
@@ -46,13 +46,7 @@ ifeq ($(TC_CONFIG_XT),y)
TCMODULES += m_xt.o
LDLIBS += -lxtables
else
- ifeq ($(TC_CONFIG_XT_H),y)
- CFLAGS += -DTC_CONFIG_XT_H
- TCMODULES += m_xt.o
- LDLIBS += -lxtables
- else
TCMODULES += m_ipt.o
- endif
endif
TCOBJ += $(TCMODULES)
diff --git a/tc/m_xt.c b/tc/m_xt.c
index