The patch does eliminate the problem. Thanks again
On Mon, Jul 24, 2017 at 9:23 AM Hesham Ahmed <[email protected]> wrote:
> Thanks Tom, I will try the patch and update you.
>
> On Sun, Jul 23, 2017 at 10:09 PM Tom Eastep <[email protected]> wrote:
>
>> On 07/23/2017 11:40 AM, Tom Eastep wrote:
>> > On 07/23/2017 09:53 AM, Hesham Ahmed wrote:
>> >> I tried to use ipsets in tcfilters (after enabling BASIC_FILTERS in
>> >> shorewall.conf). "shorewall check" gave no errors but starting
>> shorewall
>> >> failed with the error below. Shorewall version is 5.1.5
>> >>
>> >> Adding Providers...
>> >> Setting up Traffic Control...
>> >> cmp: invalid mask
>> >> ... cmp( u8 at 6 mask 0xff eq 6 ) and cmp( u16 at 0 layer 2 mask ffff
>> eq
>> >> 0x0016 ) and cmp( u32 at 16 mask 0xffff0000 eq 0x0a000000 >>)<< ...
>> >> ... cmp(u16 at 0 layer 2 mask >>ffff<< eq 0x0016)...
>> >> Usage: cmp(ALIGN at OFFSET [ ATTRS ] { eq | lt | gt } VALUE)
>> >> where: ALIGN := { u8 | u16 | u32 }
>> >> ATTRS := [ layer LAYER ] [ mask MASK ] [ trans ]
>> >> LAYER := { link | network | transport | 0..2 }
>> >>
>> >> Example: cmp(u16 at 3 layer 2 mask 0xff00 gt 20)
>> >> Illegal "ematch"
>> >> ERROR: Command "tc filter add dev ifb0 protocol ip parent 3:0 prio 1
>> >> basic match cmp( u8 at 6 mask 0xff eq 6 ) and cmp( u16 at 0 layer 2
>> mask
>> >> ffff eq 0x0016 ) and cmp( u32 at 16 mask 0xffff0000 eq 0x0a000000 )
>> >> flowid 3:110" Failed
>> >>
>> >
>> > It would certainly make this a lot easier to analyze if you would send
>> > me (privately) a tarball of your configuration.
>> >
>>
>> Although, I suspect that the attached patch may eliminate the problem.
>>
>> . /usr/share/shorewall/shorewallrc
>> patch $PERLLIBDIR/Shorewall/Tc.pm < TCFILTER_SPORT.patch
>>
>> -Tom
>> --
>> Tom Eastep \ Q: What do you get when you cross a mobster with
>> Shoreline, \ an international standard?
>> Washington, USA \ A: Someone who makes you an offer you can't
>> http://shorewall.org \ understand
>> \_______________________________________________
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
