Re: [mpls-linux-general] problems with classes and iptables

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

If I remember correctly the MPLS target should only be used
in the POSTROUTE or OUTPUT chains, quite possibly only in the 'mangle' table.

On Tue, Apr 22, 2008 at 11:08:40AM +0200, luc...@li... wrote:
> Hello,
> I'm trying to differentiate traffic flows in MPLS by marking DSCP field at the source and using scheduling strategies at the LER.
> I tried to follow the mpls-linux labs for congestion, in which I found something similar to my case.
> In that case the steps are:
> 1- mapping DSCP on EXP bits of mpls header
> 2- mapping EXP on the tcindex (scheduling strategy)
> 
> In the script by Adrian Popa there are the following commands:
> 
> var_best1=`mpls nhlfe add key 0 instructions ds2exp 0xf 0x1A 0x3 exp2tc 0x3 0x1 push gen 300 nexthop ath1 ipv4 10.0.5.3|grep key|cut -c 17-26`
> 
> iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe $var_best1
> 
> the iptables command answers to me:
> iptables: Invalid argument
> 
> I've attached also the result of the command:
> strace iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x02
> 
> (0x02 is the previously generated key)
> 
> I don't understand where's the problem: I've followed the example and it seems that the problem is in in the -j target of iptables...
> Could you please help me?
> 
> 
> Actually what I'd like to do is quite simpler: it would be enough to simply give a different mpls label to every class and then associate each label (flow) with a scheduling strategy, without marking exp bits...is it possible?
> Thanks in advance,
> Luca
> 
> 

> execve("/sbin/iptables", ["iptables", "-A", "FORWARD", "-s", "172.16.30.0/24", "-m", "dscp", "--dscp", "26", "-j", "mpls", "--nhlfe", "0x02"], [/* 50 vars */]) = 0
> brk(0)                                  = 0x9b60000
> access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=85989, ...}) = 0
> mmap2(NULL, 85989, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fe2000
> close(3)                                = 0
> open("/lib/libdl.so.2", O_RDONLY)       = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\252\207\0004\0\0\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=20564, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe1000
> mmap2(0x87a000, 16504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x87a000
> mmap2(0x87d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0x87d000
> close(3)                                = 0
> open("/lib/libselinux.so.1", O_RDONLY)  = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\32e\0004\0\0\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=105968, ...}) = 0
> mmap2(0x64e000, 109468, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x64e000
> mmap2(0x667000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18) = 0x667000
> close(3)                                = 0
> open("/lib/libc.so.6", O_RDONLY)        = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360Ts\0004\0\0\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=1692524, ...}) = 0
> mmap2(0x71f000, 1410608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71f000
> mmap2(0x872000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x153) = 0x872000
> mmap2(0x875000, 9776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x875000
> close(3)                                = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe0000
> set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fe0710, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
> mprotect(0x87d000, 4096, PROT_READ)     = 0
> mprotect(0x872000, 8192, PROT_READ)     = 0
> mprotect(0x71b000, 4096, PROT_READ)     = 0
> munmap(0xb7fe2000, 85989)               = 0
> brk(0)                                  = 0x9b60000
> brk(0x9b81000)                          = 0x9b81000
> open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=500, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000
> read(3, "\n# This file controls the state "..., 4096) = 500
> read(3, "", 4096)                       = 0
> close(3)                                = 0
> munmap(0xb7ff6000, 4096)                = 0
> statfs64("/selinux", 84, {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=1749376, f_bfree=795907, f_bavail=795907, f_files=901120, f_ffree=772577, f_fsid={-179335734, -77216707}, f_namelen=255, f_frsize=4096}) = 0
> open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
> fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000
> read(3, "rootfs / rootfs rw 0 0\n/dev/root"..., 1024) = 560
> read(3, "", 1024)                       = 0
> close(3)                                = 0
> munmap(0xb7ff6000, 4096)                = 0
> open("/lib/iptables/libipt_dscp.so", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\6\0\0004\0\0\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=6064, ...}) = 0
> mmap2(NULL, 4728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x111000
> mmap2(0x112000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x112000
> close(3)                                = 0
> open("/lib/iptables/libipt_mpls.so", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\4\0\0004\0\0\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=4256, ...}) = 0
> mmap2(NULL, 7016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x113000
> mmap2(0x114000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x114000
> close(3)                                = 0
> socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
> getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0p\316<\320\0\0\0\0\0\0\0\0\0\0\0\0\360\344\354\331H\344\354\331"..., [84]) = 0
> getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [980]) = 0
> setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1228) = -1 EINVAL (Invalid argument)
> write(2, "iptables: Invalid argument\n", 27iptables: Invalid argument
> ) = 27
> exit_group(1)                           = ?
> 

> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
> Don't miss this year's exciting event. There's still time to save $100. 
> Use priority code J8TL2D2. 
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> mpls-linux-general mailing list
> mpl...@li...
> https://lists.sourceforge.net/lists/listinfo/mpls-linux-general

-- 
James R. Leu
jl...@mi...