[BUGS?: 2.6.0test4] iptables and tc problems

[BUGS?: 2.6.0test4] iptables and tc problems

[Nico Schottelius]

[-- Attachment #1: Type: text/plain, Size: 1174 bytes --]

Hello!

While trying to setup qos with test4 I get some problems:

When running qos-neu (http://schotteli.us/~nico/qos-neu) dmesg says:
HTB init, kernel part version 3.13
HTB: quantum of class 10010 is small. Consider r2q change.
HTB: quantum of class 10011 is small. Consider r2q change.
HTB: quantum of class 10012 is small. Consider r2q change.

And then testing with the ftp (passive) transmissions shows 16kbyte/s, although
I moved mark 13 to 2kbit.

Then trying to match the ftp connections
bruehe:~#  iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT   
iptables: Invalid argument
bruehe:~# iptables -t mangle -A POSTROUTING -o ppp0 -m owner --uid-owner 1001 -j MARK --set-mark 55
iptables: Invalid argument

Why does iptables or the kernel not accept that?

Greetings,

Nico

-- 
quote:   there are two time a day you should do nothing: before 12 and after 12
         (Nico Schottelius after writin' a very senseless email)
cmd:     echo God bless America | sed 's/.*\(A.*\)$/Why \1?/'
pgp:     new id: 0x8D0E27A4 | ftp.schottelius.org/pub/familiy/nico/pgp-key.new
url:     http://nerd-hosting.net - domains for nerds (from a nerd)

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [BUGS?: 2.6.0test4] iptables and tc problems

[Patrick McHardy]

Nico Schottelius wrote:

>Then trying to match the ftp connections
>bruehe:~#  iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT   
>iptables: Invalid argument
>bruehe:~# iptables -t mangle -A POSTROUTING -o ppp0 -m owner --uid-owner 1001 -j MARK --set-mark 55
>iptables: Invalid argument
>
>Why does iptables or the kernel not accept that?
>

There was a change in the owner match some (long) time ago which
broke the ABI. You probably need to recompile iptables.

Regards,
Patrick

Re: [BUGS?: 2.6.0test4] iptables and tc problems

[Jose Luis Domingo Lopez]

On Monday, 01 September 2003, at 14:28:18 +0200,
Nico Schottelius wrote:

> When running qos-neu (http://schotteli.us/~nico/qos-neu) dmesg says:
> HTB init, kernel part version 3.13
> HTB: quantum of class 10010 is small. Consider r2q change.
>
This is a known informative message from HTB, whose meaning and way to
solve you can find at lartc mailing list archives, or at
http://docum.org

Regards,

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Sid (Linux 2.6.0-test4-mm4)

Re: [BUGS?: 2.6.0test4] iptables and tc problems

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1091 bytes --]

On Mon, Sep 01, 2003 at 02:28:18PM +0200, Nico Schottelius wrote:

> Then trying to match the ftp connections
> bruehe:~#  iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT   
> iptables: Invalid argument
> bruehe:~# iptables -t mangle -A POSTROUTING -o ppp0 -m owner --uid-owner 1001 -j MARK --set-mark 55
> iptables: Invalid argument
> 
> Why does iptables or the kernel not accept that?

you will most likely have to recompile your iptables userspace program.
The owner match has recently undergone some changes in the structure
used for communication between kernel and userspace.

btw: you can easily match ftp data sessions (if you use
ip_conntrack_ftp) by matching with "-m helper --helper ftp"

please direct netfilter/iptables related questions to
netfilter@lists.netfilter.org in the future.  

> Greetings,
> Nico

-- 
- Harald Welte <laforge@gnumonks.org>               http://www.gnumonks.org/
============================================================================
Programming is like sex: One mistake and you have to support it your lifetime

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]