Re: [mpls-linux-devel] [mpls-linux-general] cannot remove iptables rule with mpls target / cannot r
From: James R. L. <jl...@mi...> - 2007-12-13 05:31:30
Just wanted to confirm that I'm seeing this issue on mpls-linux 1.958 on FC6 (and F7 and F8). I will dig into it.

On Wed, Dec 12, 2007 at 03:55:11PM +0100, Tom Kleiberg wrote:
> Hello James,
>
> Thanks for your time. I'm using the pre-built rpms for FC6 (on FC6) version 1.958 that are available on SourceForge, i.e. the kernel, iptables etc. I have tried several ways to work around the problem and so far no success. Flushing the chain will not work. Using a custom chain, and flushing and deleting that afterwards also will not work.
>
> Kind regards,
>
> Tom
>
> On Dec 12, 2007, at 3:25 PM, James R. Leu wrote:
>
> >On Wed, Dec 12, 2007 at 02:12:30PM +0100, Tom Kleiberg wrote:
> >>Hello,
> >>
> >>I came across a problem with removing an mpls target from iptables.
> >>Apparently, the problem was found previously and posted on the mailing list:
> >>http://sourceforge.net/mailarchive/message.php?msg_id=58990.192.168.1.72.1177109560.squirrel%40webmail.larces.uece.br
> >>http://sourceforge.net/mailarchive/message.php?msg_id=1801039839.20070421093542%40s2001.tu-chemnitz.de
> >>http://sourceforge.net/mailarchive/message.php?msg_id=4631EBCD.8090708%40gmail.com
> >
> >Completely different problem. In those posts they couldn't even create iptables rules. It was due to a change in kernel structures for netfilter targets.
> >This is the first I'm hearing of your issue.
> >
> >Can you please provide details about the MPLS version, iptables version, and linux distribution you are using.
> >
> >>The target can be removed from iptables only by using the rule number instead of the complete rule description.
> >>
> >>Unfortunately, I encountered another issue, which could be related to this one. Namely, when an nhlfe key has been used by an iptables target and the iptables rule is later removed, then the key can no longer be removed from the nhlfe table. The key can now only be removed from the nhlfe table by rebooting the pc.
> >>
> >>The following commands will show the error.
> >>mpls nhlfe add key 0
> >>iptables -t mangle -A OUTPUT <some rule> -j mpls --nhlfe <key>
> >>iptables -t mangle -D OUTPUT <#some rule>
> >>mpls nhlfe del key <key>
> >>
> >>The last command will report the error:
> >>RTNETLINK answers: Device or resource busy
> >
> >What happens if you do an iptables -F instead of trying to remove just the single rule?
> >
> >>dmesg reports:
> >>MPLS DEBUG net/mpls/mpls_nhlfe.c:468:mpls_del_out_label: enter
> >>MPLS DEBUG net/mpls/mpls_nhlfe.c:492:mpls_del_out_label: Node 4 is being used
> >>MPLS DEBUG net/mpls/mpls_nhlfe.c:493:mpls_del_out_label: exit
> >>MPLS DEBUG net/mpls/mpls_netlink.c:346:genl_mpls_nhlfe_del: Exit: -16
> >>
> >>Can anyone confirm this problem and is there a solution/workaround?
> >>
> >>Kind regards,
> >>
> >>Tom
> >>t.k...@gm...
> >
> >>-------------------------------------------------------------------------
> >>SF.Net email is sponsored by:
> >>Check out the new SourceForge.net Marketplace.
> >>It's the best place to buy or sell services for
> >>just about anything Open Source.
> >>http://sourceforge.net/services/buy/index.php
> >>_______________________________________________
> >>mpls-linux-general mailing list
> >>mpl...@li...
> >>https://lists.sourceforge.net/lists/listinfo/mpls-linux-general
> >
> >
> >--
> >James R. Leu
> >jl...@mi...

--
James R. Leu
jl...@mi...