* [LARTC] MARK: targinfosize 8 != 4 @ 2005-12-13 7:22 Salim 2005-12-13 9:18 ` DervishD 2005-12-14 2:14 ` Salim 0 siblings, 2 replies; 12+ messages in thread From: Salim @ 2005-12-13 7:22 UTC (permalink / raw) To: lartc Hello all, I got this problem while trying to shape traffic with iptables MARK and HTB. MARK: targinfosize 8 != 4 --set-mark gives "invalid argument" error message. Kernel version is 2.4.29 (some patches from patch o matic applied) Iptables version 1.3.4 Intel x86 architecture. I saw this problem discussed in a few places, but the discussions didn't come to a conclusion or solution. please help... thanks Salim _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [LARTC] MARK: targinfosize 8 != 4 2005-12-13 7:22 [LARTC] MARK: targinfosize 8 != 4 Salim @ 2005-12-13 9:18 ` DervishD 2005-12-13 12:01 ` [LARTC] " Patrick McHardy 2005-12-14 2:14 ` Salim 1 sibling, 1 reply; 12+ messages in thread From: DervishD @ 2005-12-13 9:18 UTC (permalink / raw) To: lartc Hi Salim :) * Salim <salim.si@askey.com.tw> dixit: > I got this problem while trying to shape traffic with iptables MARK and > HTB. > > MARK: targinfosize 8 != 4 > > --set-mark gives "invalid argument" error message. > > Kernel version is 2.4.29 (some patches from patch o matic applied) > Iptables version 1.3.4 > > Intel x86 architecture. > > I saw this problem discussed in a few places, but the discussions didn't > come to a conclusion or solution. You've hit a bug in iptables :( I've notified in the bugzilla but I have had no answers. You're building iptables with no shared libraries (NO_SHARED_LIBS=1). This means that the code in iptables, when loading the "modules" for the matches and targets is taking a slightly different code path. The problem is that the MARK target has two versions, 0 and 1, and kernel 2.4.x (at least until 31) supports only version 0. If you don't use share libraries in iptables, both versions are loaded and v1 is used instead of v2. Unfortunately, v1 has a bigger data structure than v0 and your kernel complaints. The only solution for your problem is to rebuild iptables with shared libraries instead of compiling the matches and targets in the binary, statically. I've tried to make a patch, and worked for me but I don't want to mess anything so I've described the problem, the wrong code path and other details to the iptables people. If you want to take a look the bug is #413 in bugzilla.netfilter.org And yes, nobody seems to have this problem because it seems that only few people uses iptables built statically :?? or because nobody seems to be interested. Raúl Núñez de Arenas Coronado -- Linux Registered User 88736 | http://www.dervishd.net http://www.pleyades.net & http://www.gotesdelluna.net It's my PC and I'll cry if I want to... _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: MARK: targinfosize 8 != 4 2005-12-13 9:18 ` DervishD @ 2005-12-13 12:01 ` Patrick McHardy 0 siblings, 0 replies; 12+ messages in thread From: Patrick McHardy @ 2005-12-13 12:01 UTC (permalink / raw) To: DervishD; +Cc: lartc, Netfilter Development Mailinglist DervishD wrote: > Hi Salim :) > > * Salim <salim.si@askey.com.tw> dixit: > >> I got this problem while trying to shape traffic with iptables MARK and >>HTB. >> >>MARK: targinfosize 8 != 4 >> >>--set-mark gives "invalid argument" error message. >> >>Kernel version is 2.4.29 (some patches from patch o matic applied) >>Iptables version 1.3.4 >> >>Intel x86 architecture. >> >>I saw this problem discussed in a few places, but the discussions didn't >>come to a conclusion or solution. > > > You've hit a bug in iptables :( I've notified in the bugzilla but > I have had no answers. You're building iptables with no shared > libraries (NO_SHARED_LIBS=1). This means that the code in iptables, > when loading the "modules" for the matches and targets is taking a > slightly different code path. The problem is that the MARK target > has two versions, 0 and 1, and kernel 2.4.x (at least until 31) > supports only version 0. If you don't use share libraries in > iptables, both versions are loaded and v1 is used instead of v2. > Unfortunately, v1 has a bigger data structure than v0 and your kernel > complaints. That can't be the reason, all revisions of a single match/target are in the same object file and the supported revision is (supposed to be) probed. Salim, can you send a strace of the failing iptables command? ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [LARTC] MARK: targinfosize 8 != 4 @ 2005-12-13 12:01 ` Patrick McHardy 0 siblings, 0 replies; 12+ messages in thread From: Patrick McHardy @ 2005-12-13 12:01 UTC (permalink / raw) To: DervishD; +Cc: lartc, Netfilter Development Mailinglist DervishD wrote: > Hi Salim :) > > * Salim <salim.si@askey.com.tw> dixit: > >> I got this problem while trying to shape traffic with iptables MARK and >>HTB. >> >>MARK: targinfosize 8 != 4 >> >>--set-mark gives "invalid argument" error message. >> >>Kernel version is 2.4.29 (some patches from patch o matic applied) >>Iptables version 1.3.4 >> >>Intel x86 architecture. >> >>I saw this problem discussed in a few places, but the discussions didn't >>come to a conclusion or solution. > > > You've hit a bug in iptables :( I've notified in the bugzilla but > I have had no answers. You're building iptables with no shared > libraries (NO_SHARED_LIBS=1). This means that the code in iptables, > when loading the "modules" for the matches and targets is taking a > slightly different code path. The problem is that the MARK target > has two versions, 0 and 1, and kernel 2.4.x (at least until 31) > supports only version 0. If you don't use share libraries in > iptables, both versions are loaded and v1 is used instead of v2. > Unfortunately, v1 has a bigger data structure than v0 and your kernel > complaints. That can't be the reason, all revisions of a single match/target are in the same object file and the supported revision is (supposed to be) probed. Salim, can you send a strace of the failing iptables command? _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [LARTC] MARK: targinfosize 8 != 4 2005-12-13 12:01 ` [LARTC] " Patrick McHardy (?) @ 2005-12-13 18:09 ` Jones Desougi 2005-12-13 20:37 ` [LARTC] " DervishD ` (2 more replies) -1 siblings, 3 replies; 12+ messages in thread From: Jones Desougi @ 2005-12-13 18:09 UTC (permalink / raw) To: kaber; +Cc: salim.si, lartc, netfilter-devel, lartc > That can't be the reason, all revisions of a single match/target are > in the same object file and the supported revision is (supposed to be) > probed. Salim, can you send a strace of the failing iptables command? The key being "supposed to be". :-) Try the patch below. (It's bug #413 in bugzilla) /Jones Signed-off-by: Jones Desougi <jones@ingate.com> diff -r -u --new-file iptables-1.3.4/include/ip6tables.h iptables/include/ip6tables.h --- iptables-1.3.4/include/ip6tables.h 2005-06-24 18:34:17.000000000 +0200 +++ iptables/include/ip6tables.h 2005-11-19 16:31:07.000000000 +0100 @@ -130,6 +130,7 @@ enum ip6t_tryload { DONT_LOAD, + DURING_LOAD, TRY_LOAD, LOAD_MUST_SUCCEED }; diff -r -u --new-file iptables-1.3.4/include/iptables.h iptables/include/iptables.h --- iptables-1.3.4/include/iptables.h 2005-11-19 16:26:12.000000000 +0100 +++ iptables/include/iptables.h 2005-11-19 16:30:47.000000000 +0100 @@ -162,6 +162,7 @@ enum ipt_tryload { DONT_LOAD, + DURING_LOAD, TRY_LOAD, LOAD_MUST_SUCCEED }; diff -r -u --new-file iptables-1.3.4/ip6tables.c iptables/ip6tables.c --- iptables-1.3.4/ip6tables.c 2005-07-29 15:28:56.000000000 +0200 +++ iptables/ip6tables.c 2005-11-19 16:36:22.000000000 +0100 @@ -734,7 +734,7 @@ } #ifndef NO_SHARED_LIBS - if (!ptr && tryload != DONT_LOAD) { + if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) { char path[strlen(lib_dir) + sizeof("/libip6t_.so") + strlen(name)]; if (!icmphack) @@ -986,7 +986,7 @@ } #ifndef NO_SHARED_LIBS - if (!ptr && tryload != DONT_LOAD) { + if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) { char path[strlen(lib_dir) + sizeof("/libip6t_.so") + strlen(name)]; sprintf(path, "%s/libip6t_%s.so", lib_dir, name); @@ -1058,7 +1058,7 @@ exit(1); } - if (find_match(me->name, DONT_LOAD, NULL)) { + if (find_match(me->name, DURING_LOAD, NULL)) { fprintf(stderr, "%s: match `%s' already registered.\n", program_name, me->name); exit(1); @@ -1088,7 +1088,7 @@ exit(1); } - if (find_target(me->name, DONT_LOAD)) { + if (find_target(me->name, DURING_LOAD)) { fprintf(stderr, "%s: target `%s' already registered.\n", program_name, me->name); exit(1); diff -r -u --new-file iptables-1.3.4/iptables.c iptables/iptables.c --- iptables-1.3.4/iptables.c 2005-11-19 16:26:12.000000000 +0100 +++ iptables/iptables.c 2005-11-19 16:34:17.000000000 +0100 @@ -710,7 +710,7 @@ } #ifndef NO_SHARED_LIBS - if (!ptr && tryload != DONT_LOAD) { + if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) { char path[strlen(lib_dir) + sizeof("/libipt_.so") + strlen(name)]; sprintf(path, "%s/libipt_%s.so", lib_dir, name); @@ -1021,7 +1021,7 @@ } #ifndef NO_SHARED_LIBS - if (!ptr && tryload != DONT_LOAD) { + if (!ptr && tryload != DONT_LOAD && tryload != DURING_LOAD) { char path[strlen(lib_dir) + sizeof("/libipt_.so") + strlen(name)]; sprintf(path, "%s/libipt_%s.so", lib_dir, name); @@ -1146,7 +1146,7 @@ exit(1); } - old = find_match(me->name, DONT_LOAD, NULL); + old = find_match(me->name, DURING_LOAD, NULL); if (old) { if (old->revision == me->revision) { fprintf(stderr, @@ -1202,7 +1202,7 @@ exit(1); } - old = find_target(me->name, DONT_LOAD); + old = find_target(me->name, DURING_LOAD); if (old) { struct iptables_target **i; ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: MARK: targinfosize 8 != 4 2005-12-13 18:09 ` Jones Desougi @ 2005-12-13 20:37 ` DervishD 2005-12-14 0:27 ` [LARTC] " Patrick McHardy 2005-12-22 3:29 ` Patrick McHardy 2 siblings, 0 replies; 12+ messages in thread From: DervishD @ 2005-12-13 20:37 UTC (permalink / raw) To: Jones Desougi; +Cc: lartc, netfilter-devel Hi Jones :))) * Jones Desougi <jones@ingate.com> dixit: > > That can't be the reason, all revisions of a single match/target > > are in the same object file and the supported revision is > > (supposed to be) probed. They are not due to the DONT_LOAD usage ;)) The patch below is much better than the one I tested ;))) > Try the patch below. (It's bug #413 in bugzilla) Thanks a lot :)) I'll test it as soon as I can. Raúl Núñez de Arenas Coronado -- Linux Registered User 88736 | http://www.dervishd.net http://www.pleyades.net & http://www.gotesdelluna.net It's my PC and I'll cry if I want to... ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [LARTC] MARK: targinfosize 8 != 4 @ 2005-12-13 20:37 ` DervishD 0 siblings, 0 replies; 12+ messages in thread From: DervishD @ 2005-12-13 20:37 UTC (permalink / raw) To: Jones Desougi; +Cc: lartc, netfilter-devel Hi Jones :))) * Jones Desougi <jones@ingate.com> dixit: > > That can't be the reason, all revisions of a single match/target > > are in the same object file and the supported revision is > > (supposed to be) probed. They are not due to the DONT_LOAD usage ;)) The patch below is much better than the one I tested ;))) > Try the patch below. (It's bug #413 in bugzilla) Thanks a lot :)) I'll test it as soon as I can. Raúl Núñez de Arenas Coronado -- Linux Registered User 88736 | http://www.dervishd.net http://www.pleyades.net & http://www.gotesdelluna.net It's my PC and I'll cry if I want to... _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: MARK: targinfosize 8 != 4 2005-12-13 18:09 ` Jones Desougi @ 2005-12-14 0:27 ` Patrick McHardy 2005-12-14 0:27 ` [LARTC] " Patrick McHardy 2005-12-22 3:29 ` Patrick McHardy 2 siblings, 0 replies; 12+ messages in thread From: Patrick McHardy @ 2005-12-14 0:27 UTC (permalink / raw) To: Jones Desougi; +Cc: lartc, netfilter-devel Jones Desougi wrote: >>That can't be the reason, all revisions of a single match/target are >>in the same object file and the supported revision is (supposed to be) >>probed. Salim, can you send a strace of the failing iptables command? > > > The key being "supposed to be". :-) I somehow expected something like this :) > Try the patch below. (It's bug #413 in bugzilla) This looks good, thanks. I'm going to apply it as soon as there is confirmation that it really fixes the problem people are seeing. ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [LARTC] MARK: targinfosize 8 != 4 @ 2005-12-14 0:27 ` Patrick McHardy 0 siblings, 0 replies; 12+ messages in thread From: Patrick McHardy @ 2005-12-14 0:27 UTC (permalink / raw) To: Jones Desougi; +Cc: lartc, netfilter-devel Jones Desougi wrote: >>That can't be the reason, all revisions of a single match/target are >>in the same object file and the supported revision is (supposed to be) >>probed. Salim, can you send a strace of the failing iptables command? > > > The key being "supposed to be". :-) I somehow expected something like this :) > Try the patch below. (It's bug #413 in bugzilla) This looks good, thanks. I'm going to apply it as soon as there is confirmation that it really fixes the problem people are seeing. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [LARTC] MARK: targinfosize 8 != 4 2005-12-13 18:09 ` Jones Desougi @ 2005-12-22 3:29 ` Patrick McHardy 2005-12-14 0:27 ` [LARTC] " Patrick McHardy 2005-12-22 3:29 ` Patrick McHardy 2 siblings, 0 replies; 12+ messages in thread From: Patrick McHardy @ 2005-12-22 3:29 UTC (permalink / raw) To: Jones Desougi; +Cc: salim.si, lartc, netfilter-devel, lartc Jones Desougi wrote: > Try the patch below. (It's bug #413 in bugzilla) > Applied, thanks Jones. ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [LARTC] MARK: targinfosize 8 != 4 @ 2005-12-22 3:29 ` Patrick McHardy 0 siblings, 0 replies; 12+ messages in thread From: Patrick McHardy @ 2005-12-22 3:29 UTC (permalink / raw) To: Jones Desougi; +Cc: salim.si, lartc, netfilter-devel, lartc Jones Desougi wrote: > Try the patch below. (It's bug #413 in bugzilla) > Applied, thanks Jones. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [LARTC] MARK: targinfosize 8 != 4 2005-12-13 7:22 [LARTC] MARK: targinfosize 8 != 4 Salim 2005-12-13 9:18 ` DervishD @ 2005-12-14 2:14 ` Salim 1 sibling, 0 replies; 12+ messages in thread From: Salim @ 2005-12-14 2:14 UTC (permalink / raw) To: lartc It worked when I changed to NO_SHARED_LIBS=0. thanks guys. will try out the patch today. the command that was failing was a simple --set-mark. Let me know if anyone still wants an strace. Will send it. ----- Original Message ----- From: "Patrick McHardy" <kaber@trash.net> To: "DervishD" <lartc@dervishd.net> Cc: "Salim" <salim.si@askey.com.tw>; <lartc@mailman.ds9a.nl>; "Netfilter Development Mailinglist" <netfilter-devel@lists.netfilter.org> Sent: Tuesday, December 13, 2005 8:01 PM Subject: Re: [LARTC] MARK: targinfosize 8 != 4 > DervishD wrote: > > Hi Salim :) > > > > * Salim <salim.si@askey.com.tw> dixit: > > > >> I got this problem while trying to shape traffic with iptables MARK and > >>HTB. > >> > >>MARK: targinfosize 8 != 4 > >> > >>--set-mark gives "invalid argument" error message. > >> > >>Kernel version is 2.4.29 (some patches from patch o matic applied) > >>Iptables version 1.3.4 > >> > >>Intel x86 architecture. > >> > >>I saw this problem discussed in a few places, but the discussions didn't > >>come to a conclusion or solution. > > > > > > You've hit a bug in iptables :( I've notified in the bugzilla but > > I have had no answers. You're building iptables with no shared > > libraries (NO_SHARED_LIBS=1). This means that the code in iptables, > > when loading the "modules" for the matches and targets is taking a > > slightly different code path. The problem is that the MARK target > > has two versions, 0 and 1, and kernel 2.4.x (at least until 31) > > supports only version 0. If you don't use share libraries in > > iptables, both versions are loaded and v1 is used instead of v2. > > Unfortunately, v1 has a bigger data structure than v0 and your kernel > > complaints. > > That can't be the reason, all revisions of a single match/target are > in the same object file and the supported revision is (supposed to be) > probed. Salim, can you send a strace of the failing iptables command? _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2005-12-22 3:29 UTC | newest] Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2005-12-13 7:22 [LARTC] MARK: targinfosize 8 != 4 Salim 2005-12-13 9:18 ` DervishD 2005-12-13 12:01 ` Patrick McHardy 2005-12-13 12:01 ` [LARTC] " Patrick McHardy 2005-12-13 18:09 ` Jones Desougi 2005-12-13 20:37 ` DervishD 2005-12-13 20:37 ` [LARTC] " DervishD 2005-12-14 0:27 ` Patrick McHardy 2005-12-14 0:27 ` [LARTC] " Patrick McHardy 2005-12-22 3:29 ` Patrick McHardy 2005-12-22 3:29 ` Patrick McHardy 2005-12-14 2:14 ` Salim
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.