Re: [mpls-linux-general] problems using netfilter

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

Ulrich D=FCrholz wrote:

>=20
> Hi all,
>=20
> we have encountered some problems using
> the mpls-iptables patch. We wanted to use
> netfilter at the ingress node to bind labels
> to specific ip traffic.
> Here's what we did:
> - first patched linux kernel 2.4.14 with mpls-linux-0.993
> - second applied mpls-iptables-0.3 patch (.full patch)
> - made menuconfig ("netfilter MPLS match support",
> "Packet mangling/MPLS target support" + the "normal"
> MPLS stuff)
> - patched and compiled iptables 1.2.2
>=20
> Excerpt from our configuration script:
>=20
> ...
> mplsadm -v -A -O gen:33:eth1:ipv4:192.168.2.3
>=20
> KEY3=3D`grep 'gen 33' /proc/net/mpls_out | cut -d' ' -f1`
>=20
> iptables -v -I PREROUTING -t mangle -d 192.168.6.1 \
> -s 192.168.5.2 -j MPLS --set-mpls 0x$KEY3
>=20

All seems correct. Can you send me the topology of the network ? Is=20
192.168.2.3 the Egress node ? Where do you perform this command ? on =
the=20
Ingress node ?

I post some month ago (look at the mailing list) a version 0.4 of our=20
patch which resolved some pb., add TC support and let the user use=20
directly the label for iptables instead of the key.

>=20
> This all works so far (giving no error messages
> from mplsadm or iptables), but the traffic seems
> to be forwarded normally using the ip routing table,
> although the packet counter of iptables shows that
> the rule matched.
>=20

Can activate the trace i.e. perform mplsadm -d then ping 192.168.6.2=20
from 192.168.5.2 and look at the console kernel log. Normally you'll =
can=20
see some mpls stuff and especially the rt_next_sethop message telling=20
that you match the iptable rules.

Hope you this help,

Olivier

PS. Like Jim suggest take a look at the recent mpls cvs version.=20
Unfortunately i haven't any time to try it, but it seems greet.
--=20
  FTR&D/DAC/CPN
  Technopole Anticipa     | mailto:Oli...@fr...
  2, Avenue Pierre Marzin | Phone:  +(33) 2 96 05 28 80
  F-22307 LANNION         | Fax:    +(33) 2 96 05 18 52