Bug#559022: Fw: Bug#559022: iproute: tc filter action ipt -j MARK still causes an error about libipt_mark.so

2009-12-02 Thread Igor Bogomazov
Hello, Andreas Henriksson!
 
 The bug report contains no information. The command you quote
 in the subject is invalid syntax.
 
 Please append a proper report including at least:
 - A detailed description of what you did.
 - The result.
 - What you expected to happen.

OK, sorry. It seems I didn't fill in reportbug properly.

My actions:
tc filter add dev lo parent : protocol ip prio 10 u32 match u32 0 0
flowid 1:1  action ipt -j MARK --set-mark 1 action mirred egress
redirect eth2

Results:
/lib/iptables/libipt_mark.so: cannot open shared object file: No such
file or directory failed to find target MARK

bad action parsing
parse_action: bad value (10:ipt)!
Illegal action

The problem was reported earlier. The solution proposed was to update
iproute to 20090324. That doesn't work for me.




Bug#559022: Fw: Bug#559022: iproute: tc filter action ipt -j MARK still causes an error about libipt_mark.so

2009-12-02 Thread Andreas Henriksson
tags 559022 - moreinfo
thanks

Hello Igor!

Thanks for the additional information. Yes, it seems the xtables extension
(the new iptables api) is still broken. Because the configuration tests
for xtables are also broken, iproute falls back on building the
old non-working iptables module for tc instead of the xtables module.

Could you please test the attached patch?

cd /tmp
git clone git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git
wget http://fatal.se/tmp/iproute-xtables-1.4.5-rev2.diff
cd iproute2
patch -p1 < ../iproute-xtables-1.4.5-rev2.diff
make

./tc/tc 


On Wed, Dec 02, 2009 at 10:51:19AM +0300, Igor Bogomazov wrote:
 My actions:
 tc filter add dev lo parent : protocol ip prio 10 u32 match u32 0 0
 flowid 1:1  action ipt -j MARK --set-mark 1 action mirred egress
 redirect eth2
 

I'm not using this myself and don't have detailed knowledge in this area.
I couldn't get the above command to work, instead I tested with this:

sudo iptables -N mark
sudo ./tc/tc qdisc add dev lo ingress
sudo ./tc/tc filter add dev lo parent : protocol ip prio 10 u32 \
match ip src 127.1.1.1/32 \
action ipt -j MARK --set-mark 1

sudo ./tc/tc filter show parent : dev lo

sudo ./tc/tc qdisc del dev lo ingress



Your feedback would be appreciated!



PS. I've notified Jamal (of net...@vger.kernel.org fame)
who has been working on this before about the issue.
Hopefully we'll be able to get it solved soon. Sooner if you help. ;)

-- 
Andreas Henriksson
diff --git a/Makefile b/Makefile
index 6096a99..f8256fb 100644
--- a/Makefile
+++ b/Makefile
@@ -22,7 +22,7 @@ ADDLIB+=ipx_ntop.o ipx_pton.o
 
 CC = gcc
 HOSTCC = gcc
-CCOPTS = -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall
+CCOPTS = -D_GNU_SOURCE -O0 -g -Wstrict-prototypes -Wall
 CFLAGS = $(CCOPTS) -I../include $(DEFINES)
 YACCFLAGS = -d -t -v
 
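Review bot: The `CCOPTS` line now builds the whole tree with `-O0 -g`, which reads like a debugging leftover rather than part of the xtables fix. With optimisation off, glibc's `_FORTIFY_SOURCE` checks are not applied even if a distribution adds that define, and the resulting binaries differ from what users normally run. I would keep `CCOPTS = -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall` in the patch and pass debug flags on the make command line while testing.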
diff --git a/configure b/configure
index df40370..fe31391 100755
--- a/configure
+++ b/configure
@@ -3,12 +3,16 @@
 #
 INCLUDE=${1:-$PWD/include}
 
+TEST_DIR=$(mktemp -d iproute.XX)
+
+echo $TEST_DIR
+
 echo # Generated config based on $INCLUDE Config
 
 echo TC schedulers
 
 echo -n  ATM	
-cat /tmp/atmtest.c EOF
+cat  $TEST_DIR/atm.c EOF
 #include atm.h
 int main(int argc, char **argv) {
 	struct atm_qos qos;
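Review bot: `TEST_DIR=$(mktemp -d iproute.XX)` is never checked and its template has only two X's, which GNU mktemp rejects (it wants at least three), so `TEST_DIR` can end up empty; the `cat`, `gcc`, `rm -f` and `rmdir` lines in this and the two following configure hunks would then act on `/atm.c`, `/xt` and so on. The template also has no directory part, so the directory is created in the current working directory rather than under `$TMPDIR`. Something like `TEST_DIR=$(mktemp -d "${TMPDIR:-/tmp}/iproute.XXXXXX") || exit 1`, with `"$TEST_DIR"` quoted at every use, keeps the benefit of moving away from the fixed, predictable `/tmp/atmtest.c` names. `echo $TEST_DIR` looks like debug output and should probably go; redirection characters seem to have been lost in this rendering, so I can't tell where it ends up.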
@@ -16,7 +20,7 @@ int main(int argc, char **argv) {
 	return 0;
 }
 EOF
-gcc -I$INCLUDE -o /tmp/atmtest /tmp/atmtest.c -latm /dev/null 21 
+gcc -I$INCLUDE -o $TEST_DIR/atm $TEST_DIR/atm.c -latm /dev/null 21 
 if [ $? -eq 0 ]
 then
 echo TC_CONFIG_ATM:=y Config
@@ -24,71 +28,41 @@ then
 else
 echo no
 fi
-rm -f /tmp/atmtest.c /tmp/atmtest
+rm -f $TEST_DIR/atm $TEST_DIR/atm.c
 
 echo -n  IPT	
 
-#check if we need dont our internal header ..
-cat /tmp/ipttest.c EOF
+#check if xtables is available.
+cat  $TEST_DIR/xt.c EOF
 #include xtables.h
+#include linux/netfilter.h
 char *lib_dir;
-unsigned int global_option_offset = 0;
-const char *program_version = XTABLES_VERSION;
-const char *program_name = tc-ipt;
-struct afinfo afinfo = {
-	.libprefix  = libxt_,
+static struct xtables_globals xtparams = {
+	.option_offset = 0,
+	.program_name = tc-ipt,
+	.program_version = XTABLES_VERSION,
+	.orig_opts = NULL,
+	.opts = NULL,
+	.exit_err = NULL,
 };
 
-void exit_error(enum exittype status, const char *msg, ...)
+int main(int argc, char **argv)
 {
-}
-
-int main(int argc, char **argv) {
+	xtables_init_all(xtparams, NFPROTO_IPV4);
 
 	return 0;
 }
 
 EOF
-gcc -I$INCLUDE $IPTC -o /tmp/ipttest /tmp/ipttest.c $IPTL -ldl /dev/null 21
+gcc -I$INCLUDE $IPTC -o $TEST_DIR/xt $TEST_DIR/xt.c $IPTL -ldl -lxtables /dev/null 21
 
 if [ $? -eq 0 ]
 then
 	echo TC_CONFIG_XT:=y Config
-	echo using xtables seems no need for internal.h
+	echo using xtables instead of iptables
 else
-	echo failed test 2
+	echo using iptables
 fi
 
-#check if we need our own internal.h
-cat /tmp/ipttest.c EOF
-#include xtables.h
-#include xt-internal.h
-char *lib_dir;
-unsigned int global_option_offset = 0;
-const char *program_version = XTABLES_VERSION;
-const char *program_name = tc-ipt;
-struct afinfo afinfo = {
-	.libprefix  = libxt_,
-};
-
-void exit_error(enum exittype status, const char *msg, ...)
-{
-}
-
-int main(int argc, char **argv) {
-
-	return 0;
-}
-
-EOF
-gcc -I$INCLUDE $IPTC -o /tmp/ipttest /tmp/ipttest.c $IPTL -ldl /dev/null 21
-
-if [ $? -eq 0 ]
-then
-	echo using xtables instead of iptables (need for internal.h)
-	echo TC_CONFIG_XT_H:=y Config
-
-else
-	echo failed test 3 using iptables
-fi
-rm -f /tmp/ipttest.c /tmp/ipttest
+rm -f $TEST_DIR/xt $TEST_DIR/xt.c
+rmdir $TEST_DIR
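Review bot: When the one remaining probe fails, the script only prints `using iptables`, and the compiler's diagnostics appear to be discarded, so a missing `-lxtables` or an older `xtables.h` without `struct xtables_globals` looks the same as a system with no xtables at all. The thread this patch belongs to describes the `m_ipt` fallback as non-working, so that silent downgrade is worth making visible; the `tc/Makefile` hunk that removes the `TC_CONFIG_XT_H` branch has the same consequence. I would add a comment above the probe such as `# needs the xtables_globals/xtables_init_all API; anything older falls back to m_ipt` and print the reason on failure, for example `echo "no (xtables probe failed, building m_ipt)"`. There is also no `trap` to remove `$TEST_DIR` if configure is interrupted between the probes.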
diff --git a/tc/Makefile b/tc/Makefile
index 227fc40..93b47bf 100644
--- a/tc/Makefile
+++ b/tc/Makefile
@@ -46,13 +46,7 @@ ifeq ($(TC_CONFIG_XT),y)
   TCMODULES += m_xt.o
   LDLIBS += -lxtables
 else
-  ifeq ($(TC_CONFIG_XT_H),y)
-	CFLAGS += -DTC_CONFIG_XT_H
-	TCMODULES += m_xt.o
-	LDLIBS += -lxtables
-  else
   TCMODULES += m_ipt.o
-  endif
 endif
 
 TCOBJ += $(TCMODULES)
diff --git a/tc/m_xt.c b/tc/m_xt.c
index