Re: [mpls-linux-general] problems with classes and iptables
From: Adrian P. <adr...@gm...> - 2008-04-23 06:17:40
You may be using a newer version than I used (I used 1.950). Things may have changed. Indeed all the scripts worked on my setup (the scripts are copied directly from the test-bed).

Good luck,
Adrian

On Tue, Apr 22, 2008 at 6:00 PM, luc...@li... <luc...@li...> wrote:

> I tried to launch the same command on the mangle table, and it seems to work.
>
> [root@z10n ~]# iptables -t mangle -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x02
>
> [root@z10n ~]# iptables -L -t mangle
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> mpls all -- 172.16.30.0/24 anywhere DSCP match 0x1a nhlfe 0x2
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
>
>
> Now I'll try if it works, but it seems that the problem was putting the rule on the mangle table instead of the (default) filter table.
> Thanks a lot, I'll keep you posted.
> Luca
>
>
> ---------- Initial Header -----------
>
> From : "James R. Leu" jl...@mi...
> To : "luc...@li..." luc...@li...
> Cc : "mpls-linux-general" mpl...@li...
> Date : Tue, 22 Apr 2008 08:07:36 -0500
> Subject : Re: [mpls-linux-general] problems with classes and iptables
>
> > If I remember correctly the MPLS target should only be used
> > in the POSTROUTE or OUTPUT chains, quite possibly only in the 'mangle' table.
> >
> > On Tue, Apr 22, 2008 at 11:08:40AM +0200, luc...@li... wrote:
> > > Hello,
> > > I'm trying to differentiate traffic flows in MPLS by marking DSCP field at the source and using scheduling strategies at the LER.
> > > I tried to follow the mpls-linux labs for congestion, in which I found something similar to my case.
> > > In that case the steps are:
> > > 1- mapping DSCP on EXP bits of mpls header
> > > 2- mapping EXP on the tcindex (scheduling strategy)
> > >
> > > In the script by Adrian Popa there are the following commands:
> > >
> > > var_best1=`mpls nhlfe add key 0 instructions ds2exp 0xf 0x1A 0x3 exp2tc 0x3 0x1 push gen 300 nexthop ath1 ipv4 10.0.5.3|grep key|cut -c 17-26`
> > >
> > > iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe $var_best1
> > >
> > > the iptables command answers to me:
> > > iptables: Invalid argument
> > >
> > > I've attached also the result of the command:
> > > strace iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x02
> > >
> > > (0x02 is the previously generated key)
> > >
> > > I don't understand where's the problem: I've followed the example and it seems that the problem is in the -j target of iptables...
> > > Could you please help me?
> > >
> > >
> > > Actually what I'd like to do is quite simpler: it would be enough to simply give a different mpls label to every class and then associate each label (flow) with a scheduling strategy, without marking exp bits...is it possible?
> > > Thanks in advance,
> > > Luca
> > >
> > >
> > > execve("/sbin/iptables", ["iptables", "-A", "FORWARD", "-s", "172.16.30.0/24", "-m", "dscp", "--dscp", "26", "-j", "mpls", "--nhlfe", "0x02"], [/* 50 vars */]) = 0
> > > brk(0) = 0x9b60000
> > > access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
> > > open("/etc/ld.so.cache", O_RDONLY) = 3
> > > fstat64(3, {st_mode=S_IFREG|0644, st_size=85989, ...}) = 0
> > > mmap2(NULL, 85989, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fe2000
> > > close(3) = 0
> > > open("/lib/libdl.so.2", O_RDONLY) = 3
> > > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\252\207\0004\0\0\0"..., 512) = 512
> > > fstat64(3, {st_mode=S_IFREG|0755, st_size=20564, ...}) = 0
> > > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe1000
> > > mmap2(0x87a000, 16504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x87a000
> > > mmap2(0x87d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0x87d000
> > > close(3) = 0
> > > open("/lib/libselinux.so.1", O_RDONLY) = 3
> > > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\32e\0004\0\0\0"..., 512) = 512
> > > fstat64(3, {st_mode=S_IFREG|0755, st_size=105968, ...}) = 0
> > > mmap2(0x64e000, 109468, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x64e000
> > > mmap2(0x667000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18) = 0x667000
> > > close(3) = 0
> > > open("/lib/libc.so.6", O_RDONLY) = 3
> > > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360Ts\0004\0\0\0"..., 512) = 512
> > > fstat64(3, {st_mode=S_IFREG|0755, st_size=1692524, ...}) = 0
> > > mmap2(0x71f000, 1410608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71f000
> > > mmap2(0x872000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x153) = 0x872000
> > > mmap2(0x875000, 9776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x875000
> > > close(3) = 0
> > > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe0000
> > > set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fe0710, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
> > > mprotect(0x87d000, 4096, PROT_READ) = 0
> > > mprotect(0x872000, 8192, PROT_READ) = 0
> > > mprotect(0x71b000, 4096, PROT_READ) = 0
> > > munmap(0xb7fe2000, 85989) = 0
> > > brk(0) = 0x9b60000
> > > brk(0x9b81000) = 0x9b81000
> > > open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3
> > > fstat64(3, {st_mode=S_IFREG|0644, st_size=500, ...}) = 0
> > > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000
> > > read(3, "\n# This file controls the state "..., 4096) = 500
> > > read(3, "", 4096) = 0
> > > close(3) = 0
> > > munmap(0xb7ff6000, 4096) = 0
> > > statfs64("/selinux", 84, {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=1749376, f_bfree=795907, f_bavail=795907, f_files=901120, f_ffree=772577, f_fsid={-179335734, -77216707}, f_namelen=255, f_frsize=4096}) = 0
> > > open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
> > > fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
> > > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000
> > > read(3, "rootfs / rootfs rw 0 0\n/dev/root"..., 1024) = 560
> > > read(3, "", 1024) = 0
> > > close(3) = 0
> > > munmap(0xb7ff6000, 4096) = 0
> > > open("/lib/iptables/libipt_dscp.so", O_RDONLY) = 3
> > > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\6\0\0004\0\0\0"..., 512) = 512
> > > fstat64(3, {st_mode=S_IFREG|0755, st_size=6064, ...}) = 0
> > > mmap2(NULL, 4728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x111000
> > > mmap2(0x112000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x112000
> > > close(3) = 0
> > > open("/lib/iptables/libipt_mpls.so", O_RDONLY) = 3
> > > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\4\0\0004\0\0\0"..., 512) = 512
> > > fstat64(3, {st_mode=S_IFREG|0755, st_size=4256, ...}) = 0
> > > mmap2(NULL, 7016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x113000
> > > mmap2(0x114000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x114000
> > > close(3) = 0
> > > socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
> > > getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0p\316<\320\0\0\0\0\0\0\0\0\0\0\0\0\360\344\354\331H\344\354\331"..., [84]) = 0
> > > getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [980]) = 0
> > > setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1228) = -1 EINVAL (Invalid argument)
> > > write(2, "iptables: Invalid argument\n", 27iptables: Invalid argument
> > > ) = 27
> > > exit_group(1) = ?
> > >
> > > _______________________________________________
> > > mpls-linux-general mailing list
> > > mpl...@li...
> > > https://lists.sourceforge.net/lists/listinfo/mpls-linux-general
> >
> > --
> > James R. Leu
> > jl...@mi...
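
Added example, not part of the original thread: the strace above already names the table the kernel rejected, because option 0x40 on the setsockopt call is IPT_SO_SET_REPLACE and its buffer begins with the table name. The helper name `rejected_tables` is hypothetical and the sample lines are constructed from the trace quoted above, with the buffers shortened.

```shell
#!/bin/sh
# Constructed sample: the three netfilter socket calls from an strace of
# "iptables -A FORWARD ... -j mpls", as they appear quoted in a mail reply.
SAMPLE='> > > getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0p\316"..., [84]) = 0
> > > getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "filter\0\0\0\0"..., [980]) = 0
> > > setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0"..., 1228) = -1 EINVAL (Invalid argument)'

# rejected_tables (hypothetical helper): read strace text on stdin and print
# "<table> <errno>" for every failed setsockopt(SOL_IP, 0x40, ...).
# 0x40 is IPT_SO_SET_REPLACE; its buffer (struct ipt_replace) starts with the
# NUL-padded table name, which strace shows as the leading text of the string.
rejected_tables() {
    # Drop mail quote markers first, then keep only failed rule-set commits.
    sed 's/^[> ]*//' | awk '
        /^setsockopt\(/ && /SOL_IP, 0x40 / && /\) = -1 / {
            if (!match($0, /"[a-z]+/)) next
            table = substr($0, RSTART + 1, RLENGTH - 1)
            rest = substr($0, index($0, ") = -1 ") + 7)
            split(rest, f, " ")
            print table, f[1]
        }'
}

# No -t option was given, so the rule went to the default table.
printf '%s\n' "$SAMPLE" | rejected_tables   # → filter EINVAL
```

A result of `filter EINVAL` means the whole rule set for the filter table was refused at commit time, which matches the thread: the same rule was accepted once it was added with `-t mangle`.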