Re: [mpls-linux-general] problems with classes and iptables

[lucapilosu\@libero\.it <luc...@li...>]

SELinux seems to be disabled...

dmesg | grep -i selinux

SELinux:  Initializing.
SELinux:  Starting in permissive mode
selinux_register_security:  Registering secondary module capability
SELinux:  Registering netfilter hooks
SELinux:  Disabled at runtime.
SELinux:  Unregistering netfilter hooks
audit(1208846620.480:2): selinux=0 auid=4294967295

And here is my lsmod:

lsmod
Module                  Size  Used by
xt_mpls                 6081  0
xt_dscp                 5953  0
fuse                   38613  2
rfcomm                 36953  0
l2cap                  25665  9 rfcomm
bluetooth              49317  4 rfcomm,l2cap
sunrpc                140765  1
nf_conntrack_ftp       10977  0
nf_conntrack_ipv4      11717  0
xt_state                6081  0
nf_conntrack           51977  3 nf_conntrack_ftp,nf_conntrack_ipv4,xt_state
nfnetlink               8281  2 nf_conntrack_ipv4,nf_conntrack
xt_tcpudp               6977  0
ipt_REJECT              7617  0
iptable_filter          6465  1
ip_tables              14213  1 iptable_filter
ip6table_filter         6337  0
ip6_tables             15109  1 ip6table_filter
x_tables               14277  7 xt_mpls,xt_dscp,xt_state,xt_tcpudp,ipt_REJECT,ip_tables,ip6_tables
loop                   16581  0
dm_multipath           18249  0
radeon                117345  2
drm                    67029  3 radeon
ipv6                  246629  12
mpls4                   8257  0
snd_ali5451            21453  3
snd_ac97_codec         92389  1 snd_ali5451
ac97_bus                6081  1 snd_ac97_codec
snd_seq_dummy           6853  0
snd_seq_oss            29889  0
snd_seq_midi_event      9793  1 snd_seq_oss
snd_seq                44849  5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
snd_seq_device         10061  3 snd_seq_dummy,snd_seq_oss,snd_seq
snd_pcm_oss            37569  0
snd_mixer_oss          16705  2 snd_pcm_oss
battery                14025  2
snd_pcm                63813  3 snd_ali5451,snd_ac97_codec,snd_pcm_oss
parport_pc             27109  0
ac                      8133  0
8139cp                 21697  0
parport                32393  1 parport_pc
button                 10449  0
i2c_ali15x3            10693  0
alim1535_wdt            8537  0
firewire_ohci          19137  0
snd_timer              20549  2 snd_seq,snd_pcm
floppy                 53125  0
firewire_core          36737  1 firewire_ohci
i2c_ali1535            10053  0
joydev                 12673  0
serio_raw               9029  0
8139too                24513  0
snd                    43461  13 snd_ali5451,snd_ac97_codec,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer
pcspkr                  6593  0
mii                     8385  2 8139cp,8139too
i2c_core               21825  2 i2c_ali15x3,i2c_ali1535
soundcore               9632  2 snd
crc_itu_t               6081  1 firewire_core
snd_page_alloc         11337  1 snd_pcm
sg                     31965  0
sr_mod                 17509  0
cdrom                  33889  1 sr_mod
dm_snapshot            17893  0
dm_zero                 5953  0
dm_mirror              21697  0
dm_mod                 46465  9 dm_multipath,dm_snapshot,dm_zero,dm_mirror
ata_generic             8901  0
pata_ali               11457  3
libata                100529  2 ata_generic,pata_ali
sd_mod                 27329  4
scsi_mod              120525  4 sg,sr_mod,libata,sd_mod
ext3                  111177  2
jbd                    52585  1 ext3
mbcache                10305  1 ext3
uhci_hcd               23633  0
ohci_hcd               21573  0
ehci_hcd               31949  0


Mapping DHCP directly to TCINDEX...it doesn't seem to exist such a mpls command, but I think it wouldn't be useful, because in that way you would "bypass" MPLS and work only with the L3 header, am I wrong?

I think I actually need this damned iptables to work!!!