Re: [mpls-linux-general] problems with classes and iptables
From: Adrian P. <adr...@gm...> - 2008-04-22 12:04:25
Hmm, strange... Is the lsmod issued after you tried to use iptables? I don't see your libipt_mpls module. Maybe try to load it before issuing the iptables command (something like modprobe libipt_mpls or modprobe ipt_mpls).

As for the necessity of DSCP to TCINDEX mapping - it wouldn't be useless because at the edge of the network, you have to do L3 header analysis. In the rest of the network you shouldn't do that and base your decisions on the MPLS header (including EXP bits). But if you only need to enforce bandwidth at the edge of the network - it can be done by mapping DSCP to TCINDEX. I've thought a bit about it and I think the tc command has such a mapping, but I don't know the actual syntax...

Cheers!
Adrian

On Tue, Apr 22, 2008 at 2:55 PM, luc...@li... <luc...@li...> wrote:
> SELinux seems to be disabled...
>
> dmesg | grep -i selinux
>
> SELinux: Initializing.
> SELinux: Starting in permissive mode
> selinux_register_security: Registering secondary module capability
> SELinux: Registering netfilter hooks
> SELinux: Disabled at runtime.
> SELinux: Unregistering netfilter hooks
> audit(1208846620.480:2): selinux=0 auid=4294967295
>
> And here is my lsmod:
>
> lsmod
> Module Size Used by
> xt_mpls 6081 0
> xt_dscp 5953 0
> fuse 38613 2
> rfcomm 36953 0
> l2cap 25665 9 rfcomm
> bluetooth 49317 4 rfcomm,l2cap
> sunrpc 140765 1
> nf_conntrack_ftp 10977 0
> nf_conntrack_ipv4 11717 0
> xt_state 6081 0
> nf_conntrack 51977 3 nf_conntrack_ftp,nf_conntrack_ipv4,xt_state
> nfnetlink 8281 2 nf_conntrack_ipv4,nf_conntrack
> xt_tcpudp 6977 0
> ipt_REJECT 7617 0
> iptable_filter 6465 1
> ip_tables 14213 1 iptable_filter
> ip6table_filter 6337 0
> ip6_tables 15109 1 ip6table_filter
> x_tables 14277 7 xt_mpls,xt_dscp,xt_state,xt_tcpudp,ipt_REJECT,ip_tables,ip6_tables
> loop 16581 0
> dm_multipath 18249 0
> radeon 117345 2
> drm 67029 3 radeon
> ipv6 246629 12
> mpls4 8257 0
> snd_ali5451 21453 3
> snd_ac97_codec 92389 1 snd_ali5451
> ac97_bus 6081 1 snd_ac97_codec
> snd_seq_dummy 6853 0
> snd_seq_oss 29889 0
> snd_seq_midi_event 9793 1 snd_seq_oss
> snd_seq 44849 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
> snd_seq_device 10061 3 snd_seq_dummy,snd_seq_oss,snd_seq
> snd_pcm_oss 37569 0
> snd_mixer_oss 16705 2 snd_pcm_oss
> battery 14025 2
> snd_pcm 63813 3 snd_ali5451,snd_ac97_codec,snd_pcm_oss
> parport_pc 27109 0
> ac 8133 0
> 8139cp 21697 0
> parport 32393 1 parport_pc
> button 10449 0
> i2c_ali15x3 10693 0
> alim1535_wdt 8537 0
> firewire_ohci 19137 0
> snd_timer 20549 2 snd_seq,snd_pcm
> floppy 53125 0
> firewire_core 36737 1 firewire_ohci
> i2c_ali1535 10053 0
> joydev 12673 0
> serio_raw 9029 0
> 8139too 24513 0
> snd 43461 13 snd_ali5451,snd_ac97_codec,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer
> pcspkr 6593 0
> mii 8385 2 8139cp,8139too
> i2c_core 21825 2 i2c_ali15x3,i2c_ali1535
> soundcore 9632 2 snd
> crc_itu_t 6081 1 firewire_core
> snd_page_alloc 11337 1 snd_pcm
> sg 31965 0
> sr_mod 17509 0
> cdrom 33889 1 sr_mod
> dm_snapshot 17893 0
> dm_zero 5953 0
> dm_mirror 21697 0
> dm_mod 46465 9 dm_multipath,dm_snapshot,dm_zero,dm_mirror
> ata_generic 8901 0
> pata_ali 11457 3
> libata 100529 2 ata_generic,pata_ali
> sd_mod 27329 4
> scsi_mod 120525 4 sg,sr_mod,libata,sd_mod
> ext3 111177 2
> jbd 52585 1 ext3
> mbcache 10305 1 ext3
> uhci_hcd 23633 0
> ohci_hcd 21573 0
> ehci_hcd 31949 0
>
> Mapping DHCP directly to TCINDEX...it doesn't seem to exist such a mpls
> command, but I think it wouldn't be useful, because in that way you would
> "bypass" MPLS and work only with the L3 header, am I wrong?
>
> I think I actually need this damned iptables to work!!!