[mpls-linux-general] iptables: Invalid argument

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I'm trying to work through some of Irina Dumitrascu and Adrian Popa's
mpls examples but I am struggling to get the examples which use iptables
to work.  

When I run the command:

# iptables -A FORWARD -m dscp --dscp 0x1a -j mpls --nhlfe 0x2

The message returned is:

Iptables: Invalid Argument

Check it's running the correct version of iptables:

#yum info iptables

.....

Version             1.4.1.1

Release            2.fc8.mpls.1.962

Repo                 Installed

.....

So we are running the correct iptables.

So I tried:

# iptables -A FORWARD -m dscp --dscp 0x1a

which worked fine and then deleted the entry again.

Added -j mpls

# iptables -A FORWARD -m dscp --dscp 0x1a -j mpls

Get the error message:

mpls target: parameter --nhlfe is required

That seems like good news, it understands the mpls bit and is expecting
--nhlfe

# iptables -A FORWARD -m dscp --dscp 0x1a -j mpls -nhlfe

Unknown arg '--nhlde'

That seems weird, I was expecting an error because there is no key but
that error suggests it's not expecting the '--nhlde' argument.

Just to check that the nhlfe table entry has gone in properly:

# mpls nhlfe show

NHLFE entry key 0x00000002 mtu 1492 propogate_ttl

            Blah blah blah a lot of numbers blah blah blah

I have installed the kernel, iptables, iproute and ebtables packages
from the mpls 8 repo (v1.962) to a vanilla Fedora 8 installation in the
hopes of keeping everything simple and not have to recompile things.  I
have also installed the iptables from source.  Can anyone tell me what
is going wrong?

One other thing that strikes me as odd: I have seen reference on the
internet a few times to the ipt_mpls module which it makes sense should
be loaded.  Checked lsmod and it's not there.  '# Modprobe ipt_mpls'
does not return an error but the module still does not show up in lsmod
and I can't find an ipt_mpls.ko file anywhere on the computer,
especially under ..../kernel/net/ipv4/netfilter/ipt_mpls.ko where I'd
expect to find it.

I have 

Richard

The information contained in this E-Mail and any subsequent 
correspondence is private and is intended solely for the intended 
recipient(s).  The information in this communication may be 
confidential and/or legally privileged.  Nothing in this e-mail is 
intended to conclude a contract on behalf of QinetiQ or make QinetiQ 
subject to any other legally binding commitments, unless the e-mail 
contains an express statement to the contrary or incorporates a formal Purchase Order.

For those other than the recipient any disclosure, copying, 
distribution, or any action taken or omitted to be taken in reliance 
on such information is prohibited and may be unlawful.

Emails and other electronic communication with QinetiQ may be 
monitored and recorded for business purposes including security, audit 
and archival purposes.  Any response to this email indicates consent 
to this.

Telephone calls to QinetiQ may be monitored or recorded for quality 
control, security and other business purposes.

QinetiQ Limited
Registered in England & Wales: Company Number:3796233
Registered office: 85 Buckingham Gate, London SW1E 6PD, United Kingdom
Trading address: Cody Technology Park, Cody Building, Ively Road, Farnborough, Hampshire, GU14 0LX, United Kingdom 
http://www.qinetiq.com/home/notices/legal.html