Re: [mpls-linux-general] iptables: Invalid argument
From: James R. L. <jl...@mi...> - 2009-06-22 03:02:54
I've finally had a chance to dig into this issue:
Looking at the output of dmesg after executing the iptables
command you will see the output:
ip_tables: mpls target: only valid in mangle table, not filter
This means you must add '-t mangle' to iptables commands that try to
use the 'mpls' target.
On Mon, May 11, 2009 at 09:11:55AM +0100, Bowden Richard E wrote:
> Hi James,
>
> Thanks for your response.
>
> Yes, the mpls4 module seems to load fine and I have been able to work
> through several of the examples created by Irina and Adrian. However, I
> am still having this problem with iptables. I did eventually twig that
> the iptables code had moved to xt_mpls and that that module is
> auto-loading itself. However, I am still getting the same error message
> ' Iptables: Invalid Argument' when I try to run an iptables mpls command.
> The command works without the mpls arguments so it is something in the
> mpls part. Has the argument structure changed at all between the
> version Irina and Adrian intended (1.950) and the Fedora 8 binaries
> (1.962)?
>
> Cheers,
>
> Richard
>
> -----Original Message-----
> From: James R. Leu [mailto:jl...@mi...]
> Sent: 11 May 2009 05:31
> To: Bowden Richard E
> Cc: mpl...@li...
> Subject: Re: [mpls-linux-general] iptables: Invalid argument
>
> Hello Richard,
>
> Do you have the mpls4 module loaded?
>
> BTW the iptables code is now in xt_mpls and is built as a
> module of the same name.
>
> On Thu, May 07, 2009 at 05:17:29PM +0100, Bowden Richard E wrote:
> > Hi,
> >
> > I'm trying to work through some of Irina Dumitrascu and Adrian Popa's
> > mpls examples but I am struggling to get the examples which use
> > iptables to work.
> >
> >
> >
> > When I run the command:
> >
> > # iptables -A FORWARD -m dscp --dscp 0x1a -j mpls --nhlfe 0x2
> >
> > The message returned is:
> >
> > Iptables: Invalid Argument
> >
> >
> >
> > Check it's running the correct version of iptables:
> >
> > #yum info iptables
> >
> > .....
> >
> > Version 1.4.1.1
> >
> > Release 2.fc8.mpls.1.962
> >
> > Repo Installed
> >
> > .....
> >
> > So we are running the correct iptables.
> >
> >
> >
> > So I tried:
> >
> > # iptables -A FORWARD -m dscp --dscp 0x1a
> >
> > which worked fine and then deleted the entry again.
> >
> >
> >
> > Added -j mpls
> >
> > # iptables -A FORWARD -m dscp --dscp 0x1a -j mpls
> >
> > Get the error message:
> >
> > mpls target: parameter --nhlfe is required
> >
> >
> >
> > That seems like good news, it understands the mpls bit and is
> > expecting --nhlfe
> >
> > # iptables -A FORWARD -m dscp --dscp 0x1a -j mpls -nhlfe
> >
> > Unknown arg '--nhlde'
> >
> >
> >
> > That seems weird, I was expecting an error because there is no key but
> > that error suggests it's not expecting the '--nhlde' argument.
> >
> >
> >
> > Just to check that the nhlfe table entry has gone in properly:
> >
> > # mpls nhlfe show
> >
> > NHLFE entry key 0x00000002 mtu 1492 propogate_ttl
> >
> > Blah blah blah a lot of numbers blah blah blah
> >
> >
> >
> > I have installed the kernel, iptables, iproute and ebtables packages
> > from the mpls 8 repo (v1.962) to a vanilla Fedora 8 installation in
> > the hopes of keeping everything simple and not have to recompile
> > things. I have also installed the iptables from source. Can anyone
> > tell me what is going wrong?
> >
> >
> >
> > One other thing that strikes me as odd: I have seen reference on the
> > internet a few times to the ipt_mpls module which it makes sense
> > should be loaded. Checked lsmod and it's not there. '# Modprobe ipt_mpls'
> > does not return an error but the module still does not show up in
> > lsmod and I can't find an ipt_mpls.ko file anywhere on the computer,
> > especially under ..../kernel/net/ipv4/netfilter/ipt_mpls.ko where I'd
> > expect to find it.
> >
> >
> >
> > I have
> >
> >
> >
> > Richard
> >
>
> --
> James R. Leu
> jl...@mi...
--
James R. Leu
jl...@mi...
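
The diagnosis in the reply above (iptables reports only "Invalid argument" while the kernel log names the table the target needs) can be scripted. This is an added example, not part of the original thread or the mpls-linux project: the function names `table_hint` and `suggest_rule` are hypothetical, and the sample log is constructed apart from the `ip_tables:` line quoted in the reply.

```shell
#!/bin/sh
# Added example: turn the kernel's table-restriction message into the
# '-t <table>' option the rejected rule needs.

# Constructed sample kernel log; only the ip_tables line format is taken
# from the thread.
SAMPLE_DMESG='[  812.101] eth0: link up
[  845.330] ip_tables: mpls target: only valid in mangle table, not filter
[  850.002] usb 1-1: new device'

# table_hint: read kernel log text on stdin and print
# "<target> <required-table> <table-used>" for the most recent
# restriction message. Returns non-zero when no such message exists.
table_hint() {
    sed -n 's/.*ip_tables: \([^ ]*\) target: only valid in \([^ ]*\) table, not \([^ ]*\).*/\1 \2 \3/p' |
        tail -n 1 | grep .
}

# suggest_rule LOG ARGS...: print the iptables command with the table the
# kernel asked for. Assumes ARGS carried no -t option of their own, which
# is why the rule defaulted to the filter table.
suggest_rule() {
    log=$1
    shift
    hint=$(printf '%s\n' "$log" | table_hint) || return 1
    required=$(printf '%s\n' "$hint" | cut -d' ' -f2)
    printf 'iptables -t %s %s\n' "$required" "$*"
}

# The rule from the original question, checked against the sample log.
suggest_rule "$SAMPLE_DMESG" -A FORWARD -m dscp --dscp 0x1a -j mpls --nhlfe 0x2
```

On a live system, `dmesg | table_hint` run right after the failed iptables command reads the real kernel log instead of the sample.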