Re: [mpls-linux-devel] [mpls-linux-general] cannot remove iptables rule with mpls target / cannot r
From: Tom K. <t.k...@gm...> - 2007-12-12 14:55:19
Hello James,

Thanks for your time.
I'm using the pre-built rpms for FC6 (on FC6) version 1.958 that are
available on SourceForge, i.e. the kernel, iptables etc.

I have tried several ways to work around the problem and so far no success.
Flushing the chain will not work. Using a custom chain, and flushing and
deleting that afterwards also will not work.

Kind regards,

Tom

On Dec 12, 2007, at 3:25 PM, James R. Leu wrote:

> On Wed, Dec 12, 2007 at 02:12:30PM +0100, Tom Kleiberg wrote:
>> Hello,
>>
>> I came across a problem with removing an mpls target from iptables.
>> Apparently, the problem was found previously and posted on the
>> mailing list:
>> http://sourceforge.net/mailarchive/message.php?msg_id=58990.192.168.1.72.1177109560.squirrel%40webmail.larces.uece.br
>> http://sourceforge.net/mailarchive/message.php?msg_id=1801039839.20070421093542%40s2001.tu-chemnitz.de
>> http://sourceforge.net/mailarchive/message.php?msg_id=4631EBCD.8090708%40gmail.com
>
> Completely different problem. In those posts they couldn't even
> create iptables rules. It was due to a change in kernel structures
> for netfilter targets.
> This is the first I'm hearing of your issue.
>
> Can you please provide details about the MPLS version, iptables
> version, and linux distribution you are using.
>
>> The target can be removed from iptables only by using the rule number
>> instead of the complete rule description.
>>
>> Unfortunately, I encountered another issue, which could be related
>> to this one. Namely, when an nhlfe key has been used by an iptables
>> target and the iptables rule is later removed,
>> then the key can no longer be removed from the nhlfe table. The key
>> can now only be removed from the nhlfe table by
>> rebooting the pc.
>>
>> The following commands will show the error.
>>
>> mpls nhlfe add key 0
>> iptables -t mangle -A OUTPUT <some rule> -j mpls --nhlfe <key>
>> iptables -t mangle -D OUTPUT <#some rule>
>> mpls nhlfe del key <key>
>>
>> The last command will report the error:
>> RTNETLINK answers: Device or resource busy
>
> What happens if you do an iptables -F instead of trying to remove
> just the single rule?
>
>> dmesg reports:
>> MPLS DEBUG net/mpls/mpls_nhlfe.c:468:mpls_del_out_label: enter
>> MPLS DEBUG net/mpls/mpls_nhlfe.c:492:mpls_del_out_label: Node 4 is being used
>> MPLS DEBUG net/mpls/mpls_nhlfe.c:493:mpls_del_out_label: exit
>> MPLS DEBUG net/mpls/mpls_netlink.c:346:genl_mpls_nhlfe_del: Exit: -16
>>
>> Can anyone confirm this problem and is there a solution/workaround?
>>
>> Kind regards,
>>
>> Tom
>> t.k...@gm...
>
> --
> James R. Leu
> jl...@mi...