Thread: Re: [mpls-linux-general] problems with classes and iptables
From: lucapilosu@libero.it <luc...@li...> - 2008-04-22 11:56:06

SELinux seems to be disabled...

dmesg | grep -i selinux
SELinux: Initializing.
SELinux: Starting in permissive mode
selinux_register_security: Registering secondary module capability
SELinux: Registering netfilter hooks
SELinux: Disabled at runtime.
SELinux: Unregistering netfilter hooks
audit(1208846620.480:2): selinux=0 auid=4294967295

And here is my lsmod:

lsmod
Module                  Size    Used by
xt_mpls                 6081    0
xt_dscp                 5953    0
fuse                    38613   2
rfcomm                  36953   0
l2cap                   25665   9 rfcomm
bluetooth               49317   4 rfcomm,l2cap
sunrpc                  140765  1
nf_conntrack_ftp        10977   0
nf_conntrack_ipv4       11717   0
xt_state                6081    0
nf_conntrack            51977   3 nf_conntrack_ftp,nf_conntrack_ipv4,xt_state
nfnetlink               8281    2 nf_conntrack_ipv4,nf_conntrack
xt_tcpudp               6977    0
ipt_REJECT              7617    0
iptable_filter          6465    1
ip_tables               14213   1 iptable_filter
ip6table_filter         6337    0
ip6_tables              15109   1 ip6table_filter
x_tables                14277   7 xt_mpls,xt_dscp,xt_state,xt_tcpudp,ipt_REJECT,ip_tables,ip6_tables
loop                    16581   0
dm_multipath            18249   0
radeon                  117345  2
drm                     67029   3 radeon
ipv6                    246629  12
mpls4                   8257    0
snd_ali5451             21453   3
snd_ac97_codec          92389   1 snd_ali5451
ac97_bus                6081    1 snd_ac97_codec
snd_seq_dummy           6853    0
snd_seq_oss             29889   0
snd_seq_midi_event      9793    1 snd_seq_oss
snd_seq                 44849   5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
snd_seq_device          10061   3 snd_seq_dummy,snd_seq_oss,snd_seq
snd_pcm_oss             37569   0
snd_mixer_oss           16705   2 snd_pcm_oss
battery                 14025   2
snd_pcm                 63813   3 snd_ali5451,snd_ac97_codec,snd_pcm_oss
parport_pc              27109   0
ac                      8133    0
8139cp                  21697   0
parport                 32393   1 parport_pc
button                  10449   0
i2c_ali15x3             10693   0
alim1535_wdt            8537    0
firewire_ohci           19137   0
snd_timer               20549   2 snd_seq,snd_pcm
floppy                  53125   0
firewire_core           36737   1 firewire_ohci
i2c_ali1535             10053   0
joydev                  12673   0
serio_raw               9029    0
8139too                 24513   0
snd                     43461   13 snd_ali5451,snd_ac97_codec,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer
pcspkr                  6593    0
mii                     8385    2 8139cp,8139too
i2c_core                21825   2 i2c_ali15x3,i2c_ali1535
soundcore               9632    2 snd
crc_itu_t               6081    1 firewire_core
snd_page_alloc          11337   1 snd_pcm
sg                      31965   0
sr_mod                  17509   0
cdrom                   33889   1 sr_mod
dm_snapshot             17893   0
dm_zero                 5953    0
dm_mirror               21697   0
dm_mod                  46465   9 dm_multipath,dm_snapshot,dm_zero,dm_mirror
ata_generic             8901    0
pata_ali                11457   3
libata                  100529  2 ata_generic,pata_ali
sd_mod                  27329   4
scsi_mod                120525  4 sg,sr_mod,libata,sd_mod
ext3                    111177  2
jbd                     52585   1 ext3
mbcache                 10305   1 ext3
uhci_hcd                23633   0
ohci_hcd                21573   0
ehci_hcd                31949   0

Mapping DHCP directly to TCINDEX...it doesn't seem to exist such a mpls command, but I think it wouldn't be useful, because in that way you would "bypass" MPLS and work only with the L3 header, am I wrong?

I think I actually need this damned iptables to work!!!

From: lucapilosu@libero.it <luc...@li...> - 2008-04-22 13:02:20

Yes, the lsmod is issued after the command.
After that, I've tried to do:

modprobe ipt_mpls

but the iptables still doesn't work, and the lsmod gives always the same output.
(I wonder if the modprobe loaded something, but with "modprobe libipt_mpls" it outputs:
FATAL: Module libipt_mpls not found)

About DSCP-->TCINDEX, my idea was to analyze the interaction of MPLS and L3 scheduling also inside the MPLS cloud, where I would like not to look at IP header!
Luca

From: James R. L. <jl...@mi...> - 2008-04-22 13:08:56

In more recent kernels ipt_mpls has been changed to xt_mpls.
xt_mpls works with IPv4 and IPv6 netfilter rules.

--
James R. Leu
jl...@mi...

From: lucapilosu@libero.it <luc...@li...> - 2008-04-22 14:06:01

I don't know if I'm using the correct syntax, but I'm following the examples by Adrian Popa and I can't run one of the commands on the scripts.
I think he ran all his scripts and they work fine, most probably it's something wrong on my configuration!
Any idea about it?
Anyway, is there any reference where I can find information about these commands (MPLS target and so on)?

---------- Initial Header -----------

From    : "James R. Leu" jl...@mi...
To      : "luc...@li..." luc...@li...
Cc      : "mpls-linux-general" mpl...@li...
Date    : Tue, 22 Apr 2008 08:07:36 -0500
Subject : Re: [mpls-linux-general] problems with classes and iptables

> If I remember correctly the MPLS target should only be used
> in the POSTROUTE or OUTPUT chains, quite possibly only in the 'mangle' table.
>
> On Tue, Apr 22, 2008 at 11:08:40AM +0200, luc...@li... wrote:
> > Hello,
> > I'm trying to differentiate traffic flows in MPLS by marking DSCP field at the source and using scheduling strategies at the LER.
> > I tried to follow the mpls-linux labs for congestion, in which I found something similar to my case.
> > In that case the steps are:
> > 1- mapping DSCP on EXP bits of mpls header
> > 2- mapping EXP on the tcindex (scheduling strategy)
> >
> > In the script by Adrian Popa there are the following commands:
> >
> > var_best1=`mpls nhlfe add key 0 instructions ds2exp 0xf 0x1A 0x3 exp2tc 0x3 0x1 push gen 300 nexthop ath1 ipv4 10.0.5.3|grep key|cut -c 17-26`
> >
> > iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe $var_best1
> >
> > the iptables command answers to me:
> > iptables: Invalid argument
> >
> > I've attached also the result of the command:
> > strace iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x02
> >
> > (0x02 is the previously generated key)
> >
> > I don't understand where's the problem: I've followed the example and it seems that the problem is in the -j target of iptables...
> > Could you please help me?
> >
> >
> > Actually what I'd like to do is quite simpler: it would be enough to simply give a different mpls label to every class and then associate each label (flow) with a scheduling strategy, without marking exp bits...is it possible?
> > Thanks in advance,
> > Luca
> >
> >
> > execve("/sbin/iptables", ["iptables", "-A", "FORWARD", "-s", "172.16.30.0/24", "-m", "dscp", "--dscp", "26", "-j", "mpls", "--nhlfe", "0x02"], [/* 50 vars */]) = 0
> > brk(0) = 0x9b60000
> > access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
> > open("/etc/ld.so.cache", O_RDONLY) = 3
> > fstat64(3, {st_mode=S_IFREG|0644, st_size=85989, ...}) = 0
> > mmap2(NULL, 85989, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fe2000
> > close(3) = 0
> > open("/lib/libdl.so.2", O_RDONLY) = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\252\207\0004\0\0\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=20564, ...}) = 0
> > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe1000
> > mmap2(0x87a000, 16504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x87a000
> > mmap2(0x87d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0x87d000
> > close(3) = 0
> > open("/lib/libselinux.so.1", O_RDONLY) = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\32e\0004\0\0\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=105968, ...}) = 0
> > mmap2(0x64e000, 109468, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x64e000
> > mmap2(0x667000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18) = 0x667000
> > close(3) = 0
> > open("/lib/libc.so.6", O_RDONLY) = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\360Ts\0004\0\0\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=1692524, ...}) = 0
> > mmap2(0x71f000, 1410608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x71f000
> > mmap2(0x872000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x153) = 0x872000
> > mmap2(0x875000, 9776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x875000
> > close(3) = 0
> > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe0000
> > set_thread_area({entry_number:-1 -> 6, base_addr:0xb7fe0710, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
> > mprotect(0x87d000, 4096, PROT_READ) = 0
> > mprotect(0x872000, 8192, PROT_READ) = 0
> > mprotect(0x71b000, 4096, PROT_READ) = 0
> > munmap(0xb7fe2000, 85989) = 0
> > brk(0) = 0x9b60000
> > brk(0x9b81000) = 0x9b81000
> > open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = 3
> > fstat64(3, {st_mode=S_IFREG|0644, st_size=500, ...}) = 0
> > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000
> > read(3, "\n# This file controls the state "..., 4096) = 500
> > read(3, "", 4096) = 0
> > close(3) = 0
> > munmap(0xb7ff6000, 4096) = 0
> > statfs64("/selinux", 84, {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=1749376, f_bfree=795907, f_bavail=795907, f_files=901120, f_ffree=772577, f_fsid={-179335734, -77216707}, f_namelen=255, f_frsize=4096}) = 0
> > open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
> > fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
> > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ff6000
> > read(3, "rootfs / rootfs rw 0 0\n/dev/root"..., 1024) = 560
> > read(3, "", 1024) = 0
> > close(3) = 0
> > munmap(0xb7ff6000, 4096) = 0
> > open("/lib/iptables/libipt_dscp.so", O_RDONLY) = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\6\0\0004\0\0\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=6064, ...}) = 0
> > mmap2(NULL, 4728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x111000
> > mmap2(0x112000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x112000
> > close(3) = 0
> > open("/lib/iptables/libipt_mpls.so", O_RDONLY) = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\4\0\0004\0\0\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=4256, ...}) = 0
> > mmap2(NULL, 7016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x113000
> > mmap2(0x114000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x114000
> > close(3) = 0
> > socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
> > getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0p\316<\320\0\0\0\0\0\0\0\0\0\0\0\0\360\344\354\331H\344\354\331"..., [84]) = 0
> > getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [980]) = 0
> > setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1228) = -1 EINVAL (Invalid argument)
> > write(2, "iptables: Invalid argument\n", 27iptables: Invalid argument
> > ) = 27
> > exit_group(1) = ?
>
> --
> James R. Leu
> jl...@mi...

From: lucapilosu@libero.it <luc...@li...> - 2008-04-22 15:03:29

I tried to launch the same command on the mangle table, and it seems to work.

[root@z10n ~]# iptables -t mangle -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x02

[root@z10n ~]# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
mpls       all  --  172.16.30.0/24       anywhere            DSCP match 0x1a nhlfe 0x2

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Now I'll try if it works, but it seems that the problem was putting the rule on the mangle table instead of the (default) filter table.
Thanks a lot, I'll keep you posted.
Luca

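Added example, not part of the original thread: the strace posted earlier already records which table the rejected ruleset was submitted to, because the buffer passed to `setsockopt` starts with the NUL-padded table name. This Python script pulls the target from the `execve` line and the table and errno from the failing call; the option names come from the kernel's `ip_tables.h`, the function names are this example's own, and `SAMPLE` is an excerpt of the trace from the thread.

```python
import re

# iptables control options, numbered from IPT_BASE_CTL (64 = 0x40) in
# <linux/netfilter_ipv4/ip_tables.h>. The strace in the thread prints them
# only as raw numbers ("0x40 /* IP_??? */").
SET_OPTS = {0x40: "IPT_SO_SET_REPLACE", 0x41: "IPT_SO_SET_ADD_COUNTERS"}
GET_OPTS = {0x40: "IPT_SO_GET_INFO", 0x41: "IPT_SO_GET_ENTRIES"}

SOCKOPT_RE = re.compile(
    r'(?P<call>[gs]etsockopt)\(\d+, SOL_IP, (?P<opt>0x[0-9a-fA-F]+)[^"]*'
    r'"(?P<buf>(?:[^"\\]|\\.)*)"(?:\.\.\.)?, [^)]*\)\s*=\s*(?P<ret>-?\d+)'
    r'(?:\s+(?P<errno>E[A-Z]+))?'
)
EXECVE_RE = re.compile(r'execve\("[^"]*", \[(?P<argv>.*?)\]')

# Excerpt of the strace posted in the thread, mail quote prefixes included.
SAMPLE = r'''
> > execve("/sbin/iptables", ["iptables", "-A", "FORWARD", "-s", "172.16.30.0/24", "-m", "dscp", "--dscp", "26", "-j", "mpls", "--nhlfe", "0x02"], [/* 50 vars */]) = 0
> > socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
> > getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0p\316<\320\0\0\0\0\0\0\0\0\0\0\0\0\360\344\354\331H\344\354\331"..., [84]) = 0
> > getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [980]) = 0
> > setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1228) = -1 EINVAL (Invalid argument)
'''

# Constructed line (not from the thread): the same request accepted for "mangle".
ACCEPTED = r'''setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "mangle\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1228) = 0'''


def parse_trace(text):
    """Return (argv, calls) for an strace of one iptables invocation."""
    argv, calls = [], []
    for line in text.splitlines():
        m = EXECVE_RE.search(line)
        if m:
            argv = re.findall(r'"([^"]*)"', m.group("argv"))
            continue
        m = SOCKOPT_RE.search(line)
        if not m:
            continue
        opt = int(m.group("opt"), 16)
        names = SET_OPTS if m.group("call") == "setsockopt" else GET_OPTS
        calls.append({
            "call": m.group("call"),
            "option": names.get(opt, hex(opt)),
            # struct ipt_replace and struct ipt_getinfo both begin with the
            # table name; strace escapes the NUL padding as "\0".
            "table": m.group("buf").split("\\", 1)[0],
            "ret": int(m.group("ret")),
            "errno": m.group("errno"),
        })
    return argv, calls


def arg_after(argv, flags, default=None):
    """Value following the first occurrence of any of `flags` in argv."""
    for i, arg in enumerate(argv[:-1]):
        if arg in flags:
            return argv[i + 1]
    return default


def rejected_rules(text):
    """List (table, target, errno) for every ruleset the kernel refused."""
    argv, calls = parse_trace(text)
    target = arg_after(argv, ("-j", "--jump"))
    return [(c["table"], target, c["errno"]) for c in calls
            if c["option"] == "IPT_SO_SET_REPLACE" and c["ret"] < 0]


if __name__ == "__main__":
    argv, _ = parse_trace(SAMPLE)
    # iptables uses the filter table when no -t option is given.
    print("table on command line:", arg_after(argv, ("-t", "--table"), "filter"))
    for table, target, errno in rejected_rules(SAMPLE):
        print(f"kernel refused target {target!r} in table {table!r}: {errno}")
```

On the thread's trace this reports target `mpls`, table `filter`, errno `EINVAL`: no `-t` option was given, so the rule went to the default table.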
From: Adrian P. <adr...@gm...> - 2008-04-23 06:17:40

You may be using a newer version than I used (I used 1.950). Things may have changed. Indeed all the scripts worked on my setup (the scripts are copied directly from the test-bed).

Good luck,
Adrian

From: Anthony R. M. <to...@cy...> - 2008-04-23 12:48:55

Any packet modifications need to be done on the mangle table. Doing them on the forward chain will work, but PREROUTING, or POSTROUTING would probably be more effective.

A friend of mine worked up a wonderful diagram on packet flow through the kernel. You can reference it here. (I think this is the newest version)

http://imagestream.com/~josh/PacketFlow-new.png

-Tony

--
Anthony R. Mattke
Senior Network Engineer
CyberLink International
888.293.3693 x4353
to...@cy...
mmap2(NULL, 7016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x113000 >>> mmap2(0x114000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x114000 >>> close(3) = 0 >>> socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3 >>> getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0p\316<\320\0\0\0\0\0\0\0\0\0\0\0\0\360\344\354\331H\344\354\331"..., [84]) = 0 >>> getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [980]) = 0 >>> setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1228) = -1 EINVAL (Invalid argument) >>> write(2, "iptables: Invalid argument\n", 27iptables: Invalid argument >>> ) = 27 >>> exit_group(1) = ? >>> >>> ------------------------------------------------------------------------- >>> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference >>> Don't miss this year's exciting event. There's still time to save $100. >>> Use priority code J8TL2D2. >>> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone >>> _______________________________________________ >>> mpls-linux-general mailing list >>> mpl...@li... >>> https://lists.sourceforge.net/lists/listinfo/mpls-linux-general >> >> -- >> James R. Leu >> jl...@mi... >> > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > Don't miss this year's exciting event. There's still time to save $100. > Use priority code J8TL2D2. > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone > _______________________________________________ > mpls-linux-general mailing list > mpl...@li... > https://lists.sourceforge.net/lists/listinfo/mpls-linux-general |
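The strace quoted in the message above already names the table the rejected rule was sent to: the buffer handed to the failing setsockopt() call begins with "filter". As an added example (not part of the original thread), this Python sketch pulls the table, chain, target and errno out of such a trace. The option-name labels assume the Linux ip_tables value 0x40 for IPT_SO_SET_REPLACE, and the sample lines are copied from the trace in the thread.

```python
import re

# Socket option numbers iptables uses on its raw IPv4 socket
# (assumption: values from linux/netfilter_ipv4/ip_tables.h, base 0x40).
SET_OPTS = {0x40: "IPT_SO_SET_REPLACE", 0x41: "IPT_SO_SET_ADD_COUNTERS"}

# One setsockopt() line as strace prints it; the quoted buffer starts with the
# NUL-padded table name.
SOCKOPT_RE = re.compile(
    r'\bsetsockopt\(\d+, SOL_IP, (?P<opt>0x[0-9a-fA-F]+)[^"]*'
    r'"(?P<buf>(?:[^"\\]|\\.)*)"(?:\.\.\.)?, [^)]*\)\s*=\s*(?P<ret>-?\d+)'
    r'(?:\s+(?P<errno>E[A-Z]+))?'
)
EXECVE_RE = re.compile(r'execve\("[^"]*", \[(?P<argv>.*?)\]')

# Lines copied from the strace quoted in the thread (mail quote marks kept).
SAMPLE_TRACE = r'''
>>> execve("/sbin/iptables", ["iptables", "-A", "FORWARD", "-s", "172.16.30.0/24", "-m", "dscp", "--dscp", "26", "-j", "mpls", "--nhlfe", "0x02"], [/* 50 vars */]) = 0
>>> socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
>>> getsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0p\316<\320\0\0\0\0\0\0\0\0\0\0\0\0\360\344\354\331H\344\354\331"..., [84]) = 0
>>> getsockopt(3, SOL_IP, 0x41 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [980]) = 0
>>> setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1228) = -1 EINVAL (Invalid argument)
'''


def parse_argv(trace):
    """Return the argv list from the execve() line, or [] if there is none."""
    m = EXECVE_RE.search(trace)
    return re.findall(r'"([^"]*)"', m.group("argv")) if m else []


def option_value(argv, *flags):
    """Return the argument following the first of `flags`, else None."""
    for i, arg in enumerate(argv[:-1]):
        if arg in flags:
            return argv[i + 1]
    return None


def failed_commits(trace):
    """List every rule-table commit (setsockopt on SOL_IP) the kernel rejected."""
    argv = parse_argv(trace)
    findings = []
    for line in trace.splitlines():
        m = SOCKOPT_RE.search(line)
        if not m or int(m.group("ret")) >= 0:
            continue
        opt = int(m.group("opt"), 16)
        # Table name = leading printable run before the first \0 escape.
        table = re.match(r"[A-Za-z0-9_]*", m.group("buf")).group(0)
        findings.append({
            "table": table,
            # False means iptables fell back to its default table.
            "explicit_table": option_value(argv, "-t", "--table") is not None,
            "chain": option_value(argv, "-A", "--append"),
            "target": option_value(argv, "-j", "--jump"),
            "sockopt": SET_OPTS.get(opt, hex(opt)),
            "errno": m.group("errno"),
        })
    return findings


if __name__ == "__main__":
    for f in failed_commits(SAMPLE_TRACE):
        print(f)
```

On the sample it reports one rejected IPT_SO_SET_REPLACE against the filter table with no -t on the command line, which matches the retry in the thread where the same rule was accepted with -t mangle.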
From: Adrian P. <adr...@gm...> - 2008-04-23 13:07:47
|
Superb diagram... I'm ordering a poster of it to hang it over my bed :)
|
From: Javier L. <jml...@gm...> - 2008-04-24 10:29:09
|
> If I remember correctly the MPLS target should only be used
> in the POSTROUTE or OUTPUT chains, quite possibly only in the 'mangle' table.

But, here,
Ethernet over MPLS example for mpls-linux-1.95x <http://sourceforge.net/docman/display_doc.php?docid=31115&group_id=15443>
I find:

ebtables -t nat -A PREROUTING -i eth1 -j mpls --nhlfe 0x2

If you use the POSTROUTE or OUTPUT chain, you won't be able to use the -i eth1 option.

And about the problem, if I create the key and do
iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x2
I have no problem:

[root@localhost ~]# iptables -A FORWARD -s 172.16.30.0/24 -m dscp --dscp 26 -j mpls --nhlfe 0x2
[root@localhost ~]# iptables -L
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
mpls       all  --  172.16.30.0/24       anywhere            DSCP match 0x1a nhlfe 0x2

I only obtain the invalid argument response if I haven't created the key first.
So I don't know why it is not working.
|
From: James R. L. <jl...@mi...> - 2008-04-24 12:54:49
|
MPLS for ebtables and iptables netfilter are completely different. Techniques used with one do not translate to the other.

With MPLS for ebtables we are trying to match packets coming into the box from an ethernet port or VLAN, thus you have to use PREROUTING.

When trying to use MPLS for iptables we are trying to match packets as they are leaving the box, right before they get written to the wire. This means that POSTROUTE is the appropriate chain to modify.

--
James R. Leu
jl...@mi...
|
From: Adrian P. <adr...@gm...> - 2008-04-22 12:04:25
|
Hmm, strange... Is the lsmod issued after you tried to use iptables? I don't see your libipt_mpls module. Maybe try to load it before issuing the iptables command (something like modprobe libipt_mpls or modprobe ipt_mpls).

As for the necessity of DSCP to TCINDEX mapping - it wouldn't be useless because in the edge of the network, you have to do L3 header analysis. In the rest of the network you shouldn't do that and base your decisions on the MPLS header (including EXP bits). But if you only need to enforce bandwidth at the edge of the network - it can be done by mapping DSCP to TCINDEX. I've thought a bit about it and I think the tc command has such a mapping, but I don't know the actual syntax...

Cheers!
Adrian
|