Date: Sun, 16 Dec 2012 01:26:32 +0100 (CET)
From: Jan Engelhardt <jengelh@...i.de>
To: vapier@...too.org
cc: Jamal Hadi Salim <jhs@...atatu.com>, Yury Stankevich <urykhy@...il.com>,
    shemonc@...il.com, "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
    Pablo Neira Ayuso <pablo@...filter.org>,
    Netfilter Developer Mailing List <netfilter-devel@...r.kernel.org>
Subject: Re: tc ipt action

On Sunday 2012-12-16 00:06, Jan Engelhardt wrote:
>On Saturday 2012-12-15 22:19, Jamal Hadi Salim wrote:
>>
>> Example, the following should work for
>> tc filter add dev eth0 parent ffff: protocol ip u32 match u32 0 0
>> action ipt -j CONNMARK \
>> action mirred egress redirect dev ifb0
>
>If I try that command (substituting ipt->xt and eth0->dummy0,
>ifb0->dummy1), all I get is the dreaded "Invalid argument".
>So the kernel rejected the command, which could indicate that
>userspace construction might have been ok.
>
># tc filter add dev dummy0 parent ffff: protocol ip u32 match u32 0 0 \
>action xt -j CONNMARK action mirred egress redirect dev dummy1
>
>tablename: mangle hook: NF_IP_PRE_ROUTING
> target: CONNMARK and 0x0 index 0
>RTNETLINK answers: Invalid argument
>We have an error talking to the kernel
>
>> Pablo, Hasan Chowdhury tells me this broke after iptable 1.4.10
>> Hasan also sent me a small patch to fake "xt" instead of "ipt" - but i think
>> there's more than meets the eye here; some interface we are using to talk to
>> xtables on user space seems to have changed.
>
>What was the last combination that worked?

For added fun, it works even less in iproute2-3.7.0.

commit e4fc4ada3317ea94452576add25981279d705b14
Author: Mike Frysinger <vapier@...too.org>
Date:   Thu Nov 8 11:41:17 2012 -0500

    allow pkg-config to be customized

    Rather than hard coding `pkg-config`, use ${PKG_CONFIG} so people can
    override it to their specific version (like when cross-compiling).
    This is the same way the upstream pkg-config code works.

    Signed-off-by: Mike Frysinger <vapier@...too.org>

broke it by causing tc/m_xt.so to no longer link against
libxtables.so, leading to:

# tc [above parameters]
tc: symbol lookup error: /usr/lib64/tc//m_xt.so: undefined symbol: xtables_init_all

(Makefiles being simpler than $other_buildsys? A distant reality!)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html