Re: [mpls-linux-general] problems with classes and iptables
From: lucapilosu\@libero\.it <luc...@li...> - 2008-04-22 15:03:29
I tried running the same command against the mangle table, and it seems to work.

[root@z10n ~]# iptables -t mangle -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x02
[root@z10n ~]# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
mpls all -- 172.16.30.0/24 anywhere DSCP match 0x1a nhlfe 0x2

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Now I'll test whether it actually works, but it seems that the solution was to put the rule in the mangle table instead of the (default) filter table.

Thanks a lot, I'll keep you posted.
Luca

---------- Initial Header -----------

From : "James R. Leu" jl...@mi...
To : "luc...@li..." luc...@li...
Cc : "mpls-linux-general" mpl...@li...
Date : Tue, 22 Apr 2008 08:07:36 -0500
Subject : Re: [mpls-linux-general] problems with classes and iptables

> If I remember correctly the MPLS target should only be used
> in the POSTROUTING or OUTPUT chains, quite possibly only in the 'mangle' table.
>
> On Tue, Apr 22, 2008 at 11:08:40AM +0200, luc...@li... wrote:
> > Hello,
> > I'm trying to differentiate traffic flows in MPLS by marking DSCP field at the source and using scheduling strategies at the LER.
> > I tried to follow the mpls-linux labs for congestion, in which I found something similar to my case.
> > In that case the steps are:
> > 1- mapping DSCP on EXP bits of mpls header
> > 2- mapping EXP on the tcindex (scheduling strategy)
> >
> > In the script by Adrian Popa there are the following commands:
> >
> > var_best1=`mpls nhlfe add key 0 instructions ds2exp 0xf 0x1A 0x3 exp2tc 0x3 0x1 push gen 300 nexthop ath1 ipv4 10.0.5.3|grep key|cut -c 17-26`
> >
> > iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe $var_best1
> >
> > The iptables command answers:
> > iptables: Invalid argument
> >
> > I've also attached the result of the command:
> > strace iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x02
> >
> > (0x02 is the previously generated key)
> >
> > I don't understand where the problem is: I've followed the example and it seems that the problem is in the -j target of iptables...
> > Could you please help me?
> >
> >
> > Actually what I'd like to do is much simpler: it would be enough to simply give a different mpls label to every class and then associate each label (flow) with a scheduling strategy, without marking exp bits... Is it possible?
> > Thanks in advance, > > Luca > > > > > > > execve("/sbin/iptables", ["iptables", "-A", "FORWARD", "-s", "172.16.30.0/24", "-m", "dscp", "--dscp", "26", "-j", "mpls", "--nhlfe", "0x02"], [/* 50 vars */]) = 0 > > brk(0) = 0x9b60000 > > access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) > > open("/etc/ld.so.cache", O_RDONLY) = 3 > > fstat64(3, {st_mode=S_IFREG|0644, st_size=85989, ...}) = 0 > > mmap2(NULL, 85989, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fe2000 > > close(3) = 0 > > open("/lib/libdl.so.2", O_RDONLY) = 3 > > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\252\207\0004\0\0\0"..., 512) = 512 > > fstat64(3, {st_mode=S_IFREG|0755, st_size=20564, ...}) = 0 > > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe1000 > > mmap2(0x87a000, 16504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x87a000 > > mmap2(0x87d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0x87d000 > > close(3) = 0 > > open("/lib/libselinux.so.1", O_RDONLY) = 3 > > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\32e\0004\0\0\0"..., 512) = 512 > > fstat64(3, {st_mode=S_IFREG|0755, st_size=105968, ...}) = 0 > > mmap2(0x64e000, 109468, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x64e000 > > mmap2(0x667000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18) = 0x667000 > > close(3) = 0 > > open("/lib/libc.so.6", O_RDONLY) = 3 > > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360Ts\0004\0\0\0"..., 512) = 512 > > fstat64(3, {st_mode=S_IFREG|0755, st_size=1692524, ...}) = 0 > > mmap2(0x71f000, 1410608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71f000 > > mmap2(0x872000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x153) = 0x872000 > > mmap2(0x875000, 9776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x875000 > > close(3) = 0 > > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe0000 > > set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fe0710, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 > > mprotect(0x87d000, 4096, PROT_READ) = 0 > > mprotect(0x872000, 8192, PROT_READ) = 0 > > mprotect(0x71b000, 4096, PROT_READ) = 0 > > munmap(0xb7fe2000, 85989) = 0 > > brk(0) = 0x9b60000 > > brk(0x9b81000) = 0x9b81000 > > open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3 > > fstat64(3, {st_mode=S_IFREG|0644, st_size=500, ...}) = 0 > > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000 > > read(3, "\n# This file controls the state "..., 4096) = 500 > > read(3, "", 4096) = 0 > > close(3) = 0 > > munmap(0xb7ff6000, 4096) = 0 > > statfs64("/selinux", 84, {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=1749376, f_bfree=795907, f_bavail=795907, f_files=901120, f_ffree=772577, f_fsid={-179335734, -77216707}, f_namelen=255, f_frsize=4096}) = 0 > > open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3 > > fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0 > > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000 > > read(3, "rootfs / rootfs rw 0 0\n/dev/root"..., 1024) = 560 > > read(3, "", 1024) = 0 > > close(3) = 0 > > munmap(0xb7ff6000, 4096) = 0 > > open("/lib/iptables/libipt_dscp.so", O_RDONLY) = 3 > > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\6\0\0004\0\0\0"..., 512) = 512 > > fstat64(3, {st_mode=S_IFREG|0755, st_size=6064, ...}) = 0 > > mmap2(NULL, 4728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x111000 > > mmap2(0x112000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x112000 > > close(3) = 0 > > open("/lib/iptables/libipt_mpls.so", O_RDONLY) = 3 > > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\4\0\0004\0\0\0"..., 512) = 512 > > fstat64(3, {st_mode=S_IFREG|0755, st_size=4256, ...}) = 0 > > 
mmap2(NULL, 7016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x113000 > > mmap2(0x114000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x114000 > > close(3) = 0 > > socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3 > > getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0p\316<\320\0\0\0\0\0\0\0\0\0\0\0\0\360\344\354\331H\344\354\331"..., [84]) = 0 > > getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [980]) = 0 > > setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1228) = -1 EINVAL (Invalid argument) > > write(2, "iptables: Invalid argument\n", 27iptables: Invalid argument > > ) = 27 > > exit_group(1) = ? > > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > > Don't miss this year's exciting event. There's still time to save $100. > > Use priority code J8TL2D2. > > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone > > _______________________________________________ > > mpls-linux-general mailing list > > mpl...@li... > > https://lists.sourceforge.net/lists/listinfo/mpls-linux-general > > > -- > James R. Leu > jl...@mi... > |