On Sat, Dec 19, 2015 at 3:10 AM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Fri, Dec 18, 2015 at 09:39:49AM +0530, Shivani Bhardwaj wrote:
>> Hi,
>>
>> So far, I've been able to figure out that the problem is arising
>> because of a wrong return value by the function xlate of
>> xtables-translate. This return value is further dependent on a
>> function cb() which I am not able to understand. Could you please help
>> me with this?
>
> I'm getting this here:
>
> libxt_mark.c:116:1: warning: ‘mark_mt_xlate_print’ defined but not
> used [-Wunused-function]
>  mark_mt_xlate_print(const struct xt_entry_match *match,
>  ^
> libxt_mark.c:140:1: warning: ‘mark_xlate_print’ defined but not used
> [-Wunused-function]
>  mark_xlate_print(const struct xt_entry_match *match,
>  ^
>
> These two functions are unused, so there is some problem there.
>
> But, anyway after applying your patch I can see:
>
> # iptables-translate -I INPUT -m mark --mark 10
> nft insert rule ip filter INPUT ct mark & xa counter
>
> So this kind of works already.
>

Hi,

I just tried adding this rule to nft. It does not work. It only works
for integer values of mark. nft shows a syntax error for ampersand and
hex values.
Isn't there something wrong?
Please let me know.

Thank you

> Be careful about shared libraries for extensions (here I have them at
> /usr/lib/xtables/*.so or maybe you have it at /usr/local/lib/xtables)
>
> The thing is that probably you have an older iptables installation, so
> your iptables-translate binary refers to the old .so file which has no
> translation.
>
> So make sure you don't have several .so in your setup, probably that's
> the problem.