/ ipchains and iptables use the same
setsockopt() / getsockopt() based communication between kernel and
userspace - so the kernel can never know which one of the three you want
to load.
Nico
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org
all sysctl variables to be HZ-independent, or
- Create a sane way to read HZ from the running kernel.
Everything else is broken, from my point of view.
> Tomas
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/
nel, but only about some kernel source somewhere
on your harddrive?
> Tomas
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/
GCS/E/IT d- s-: a-- C+++ UL$ P
On Wed, May 30, 2001 at 11:40:30PM -0400, Albert D. Cahalan wrote:
> Harald Welte writes:
>
> > Is there any way to read out the compile-time HZ value of the kernel?
> >
> > I had a brief look at /proc/* and didn't find anything.
>
> Look again, this time with
derived from
HZ values (1*HZ, for example).
If you now want to set those values from a userspace program / script in
a portable manner, you need to be able to find out the HZ of the currently
running kernel.
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED] http
from one place with
an argument of 1: from the init() function. If the argument is 0,
as called by the exit() function, the code for calling the ip_nat_rule_setup
is never reached.
So it is definitely not a bug.
Anyway, one should maybe make this a little bit cleaner. Will look into that.
--
Live long an
c-address using ifconfig.
What the guy most likely wanted to say, is that there is only one EEprom
containing all mac addresses for the four tulip chips, which I have seen
on multiple boards
> Thanks a lot
> Fabbione
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]
've
now removed the references to netfilter.kernelnotes.org and created another
mirror (netfilter.gnumonks.org) for the netfilter-related stuff.
We haven't heard anything from kernelnotes.org since
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]
ng
> a RTFM interface in the kernel (as an optional module).
No, not at all. I'd like to help developing an RTFM meter for linux.
I guess we don't actually need to keep separate flow information, but
could attach it to the netfilter connection tracking.
> Manfred Bartz
--
Live long and pros
ve
changes to the ruleset (counters and/or rules) at runtime. You'd have
to be very cautious what you are doing.
> Olaf
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.org
GCS
e and re-insert the rule.
If somebody wants to reset the counter, he can. If we remove the functionality
from iptables, people still can - but it's more difficult.
> Regards
> Henning
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]ht
perly.
I don't think that the iptables kernel part should remove some feature
just because there are application programmers wrongly designing their
applications.
> Manfred Bartz
--
Live long and prosper
- Harald Welte / [EMAIL PROTECT
ds like something doable, only somebody needs to get around doing
it. Any volunteers?
> --
> /Jonathan Lundell.
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.org
GCS/
body forces you
to reset them right now.
> Manfred Bartz
> -------
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.org
GCS/E/
ailable at http://netfilter.samba.org/)
> David
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.org
GCS/E/IT d- s-: a-- C+++ UL$ P+++ L$ E--- W- N++ o? K- w--- O- M-
V-- PS+ PE-- Y
/ip_nat_ftp.c
are compiled
- if CONFIG_IP_NF_FTP is ON (M or Y), both ip_conntrack_ftp.c AND
ip_nat_ftp.c are compiled (module or static, as user wishes)
I'm asking myself if we now should be proud of having the most complicated
dependencies of the whole kernel ;)
--
Live long and prosp
cating
it is IP. == 14 bytes :)
On the other hand, the --mac-source match (emphasized mac-SOURCE) allows
you to match on the source part of this mac header (i.e. the first 6 bytes)
> Jack Bowling
> mailto: [EMAIL PROTECTED]
--
Live long and prosper
- Hara
like you didn't understand the very basics of netfilter/iptables.
Please read the available HOWTOs. The INPUT chain of the filter table is
in no way related to any packet on your NAT box.
--
Live long and prosper
- Harald Welte / [EMAIL PROTECT
r writing this, we'll appreciate
any patches.
btw: it's probably a good idea to move this discussion to
[EMAIL PROTECTED]
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.org
e further discussion to the netfilter user mailing list at
[EMAIL PROTECTED]
> --
> Paul Jakma[EMAIL PROTECTED] [EMAIL PROTECTED]
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://w
ernel.
I'll do some testing and put it into CVS, if you want to.
> // Gianni Tedesco <[EMAIL PROTECTED]>
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.org
GCS/E/
ementation as iptables
target has the following advantages:
- can be used from each netfilter-hook attached code (not only from
an ip table)
- is more generic (you can register different queue handler, ipv6, ...)
btw: please move this discussion to [EMAIL PROTECTED]
> Regards
--
Live long
set CONFIG_IP_ADVANCED_ROUTER
> Version should be OK according to the Changes file.
>
> config is attached
>
>
> Regards,
> Igmar
--
Live long and prosper
- Harald Welte / [EMAI
obably the more appropriate place
for discussion of netfilter related stuff. See http://netfilter.samba.org
for subscription instructions.
> John Buswell
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnu
ng test13-pre4. I saw some iptables stuff on
> the list a week or so ago, was this fixed in pre4 or
> is this my problem?
we (the netfilter core team) are currently not aware
of any bugs at the moment. The behaviour you've described
wasn't reported by anybody else.
> -mwe
> [EMAIL PROT
orting
the kerneli patch (loopback encryption, ...) and thought it is
a problem of the kerneli patch. I've never thought about the
possibility that this problem even occurs without encryption.
The other issue is: I wasn't able to reproduce this problem either :(
> so long
> Ingo
--
Live
st
(see http://netfilter.kernelnotes.org)
> John Covici
> [EMAIL PROTECTED]
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.org
GCS/E/IT d- s-: a-- C
ck.
b) make ip_defrag(), ... aware of the case where skb->dev == NULL. Sounds
like a good idea, since it is only one if(skb->dev) clause.
c) netfilter stops using ip_defrag() for this case. Bad idea, it had to
reinvent the wheel :(
> David S
ip_defrag() for this case. Bad idea, it had to
reinvent the wheel :(
David S. Miller
[EMAIL PROTECTED]
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.org
GCS/E/IT d- s
On Sat, Dec 16, 2000 at 11:57:05AM +0100, Harald Welte wrote:
>
> As no other netfilter core team member responded yet, I'm going to provide
> a patch for the 'true library' solution.
well... the 'true library' doesn't make sense, because of the exclusiveness.
In any case there's
described above.
> Anyway, these kinds of things are really up to the netfilter people.
>
As no other netfilter core team member responded yet, I'm going to provide
a patch for the 'true library' solution.
>
ly up to the netfilter people.
As no other netfilter core team member responded yet, I'm going to provide
a patch for the 'true library' solution.
Linus
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.org
Oh, thanks Andi. This is the key, of course. I'm always way too focused
on forwarded packets ;)
This is definitely the problem.
We could set skb->dev to skb->dst->dev, but this sounds more like a
hack than a real solution...
> -Andi
--
Live long and prosper
- Hara
ok NF_IP_PRE_ROUTING is called
- net/ipv4/netfilter/ip_conntrack_core.c:ip_conntrack_in() is called
- net/ipv4/netfilter/ip_conntrack_core.c:ip_ct_gather_frags() is called
- net/ipv4/ip_input.c:ip_defrag() is called
Isn't the skb->dev member supposed to still point to the receiving
device?
> David S.
o problem. Just look for 'traffic accounting' or 'network accounting' on
freshmeat.net
Some packages you might be interested in:
ip-acct
nacctd
> Brian Parris
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http:
kgcc]).
Exactly the same kernel image will boot on other machines :)
2.4.0-test8 and lower work great.
> Any help would be greatly appreciated, as I'm wanting to get
> a 2.4.x kernel up for testing, etc..
try 2.4.0-test8 :) Probably it'll boot.
--
Live long and prosper
- Harald We
e is no such thing as gcc-2.96. Try reading
http://gcc.gnu.org/gcc-2.96.html
> Juan Antonio Magallon Lacarta
> mailto:[EMAIL PROTECTED]
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]
xtfile
called modules.dep and asks the kernel to load the modules in the appropriate
order.
> chris
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.org
GCS/E/IT d- s-: a-
ing the reference count to -1 to ensure it is _never_ unloaded.
Your next question might be: Why is it a module at all?
Because we want to keep the kernel footprint as small as possible.
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.
ers. Look
at /proc/sys/net/ipv4/ip_forward, etc.
Some distributions already have the hdparm initscript.
> Stephen
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.org
G
of the RAID patches and
use exactly the kernel revision the patch was made for.
> Anil
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.org
GCS/E/IT d- s-: a-- C+++ UL+++
ht end up
learning something which is no longer used at all.
> yours Huang QingHua
> [EMAIL PROTECTED]
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.org
> Dag B
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.org
GCS/E/IT d- s-: a-- C+++ UL$ P+++ L$ E--- W- N++ o? K- w--- O- M-
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-
to contact the poptop people and/or give a more detailed description,
like error messages from /var/log/messages, enabling debugging of your pppd,
Only contact this list if you are almost sure it is an error inside the
kernel.
> Steve
--
Live long and prosper
- Harald Welte / [EMAIL PROTEC
0% in userspace
> thanks
> azad
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]http://www.gnumonks.org
GCS/E/IT d- s-: a-- C+++ UL$ P+++ L$ E--- W- N++ o? K- w--- O- M-
V-- PS