[mpls-linux-devel] iptables filtering problem
From: Tom K. <t.k...@gm...> - 2007-12-20 14:23:11
Hello all,

I have run into another problem with iptables. However, I am not fully certain if it is related to the MPLS implementation or possibly an iptables bug. The following is happening:

1. I set up an explicit LSP using the mpls CLI.
2. Create a rule in the mangle table, POSTROUTING chain, where the target is the mpls key. Furthermore, I use a filter expression where I filter on the protocol, source and destination IP address and port numbers.
3. Now, when I send packets from this node to the destination, and use tcpdump to monitor the packets, I correctly see the MPLS packets appearing. So far, so good.

But when I use another port number or protocol to send the packets (without changing the iptables rule), I STILL see MPLS packets. Moreover, when I remove the rule from iptables but not the LSP, I still see the MPLS packets. This is unwanted behavior, I think.

I have also tried sending packets at different port numbers BEFORE sending any packet over the LSP, and then the behavior is as expected, namely that there are no MPLS packets created. After the LSP is removed, the MPLS packets correctly disappear.

As I said earlier, I am not sure if it is an iptables problem, because to test it, I require some other mangle target and so far MPLS is the only one I have up and running. Perhaps anybody can confirm this behavior?

I am using the 1.959 version of mpls linux together with FC6.

P.S. The problem also occurs for the OUTPUT chain.

Kind regards,
Tom
t.k...@gm...