Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

On Mon, Jun 29, 2009 at 7:51 PM, Richard Horton<arimus.uk@xxxxxxxxxxxxxx> wrote:
> 2009/6/29 Nishit Shah <nsshah.82@xxxxxxxxx>:
>> Hi,
>>         I am compiling arptables-v0.0.3-3/arptables-v0.0.3-2 on
>> fedora6,7,8/centos 5/redhat 5. Module is compiled successfully.
>> Following are the simple steps.
>>
>>        make
>>        make install
>>
>>        Now, I am applying following rules,
>>
>>        arptables -N user1
>>        arptables -N user2
>>        arptables -N user3
>>
>>        arptables -A INPUT -j user1
>>        arptables -A INPUT -j user2
>>        arptables -A INPUT -j user3
>>
>>       when I am doing arptables -nvx -L, I am getting packet counts
>> on only "arptables -A INPUT -j user1", no packet counts on user2 and
>> user3 chains. If I remove the user1 chain, I am getting packet counts
>> on user2 chain, not on user3 chain. It means only the first user
>> defined chain is traversing.
>>
>>       All the above machines contain gcc >= 4.1.2 and glibc >= 2.5
>>
>>       If I compile the same source with a machine having gcc 2.96 and
>> glibc 2.2.4 things are working properly on the above machines.
>>       Is it something related to gcc and/or glibc ? as I am not
>> seeing any issues with kernel space arptables code.
>>
>> Rgds,
>> Nishit Shah.
>
>
> I might be missing something obvious but all three rules are identical
> so traffic is going to hit the first rule and go down to user1 chain.
>
>
> Your user chains don't have any actions associated so looks to me like
> it enters the chain, nothing will happen - including not returning to
> the input chain so the other rules aren't being hit.
> --
> Richard Horton
> Users are like a virus: Each causing a thousand tiny crises until the
> host finally dies.
> http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
> http://www.pbase.com/arimus - My online photogallery
>

If a user chain doesn't have any actions associated, the action is
ARPT_CONTINUE. So, the packet will traverse the next rule in INPUT
(that is arptables -A -j user2) and so on. (That is the behavior I am
getting when compiled with gcc 2.96 and glibc 2.2.4)

Rgds,
Nishit Shah.
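
A small model of the traversal described in this reply, as an added example that is not part of the original thread or of the arptables source: a jump into a user-defined chain with no rules falls off the end, returns to the caller and continues with the next INPUT rule, so all three jump rules should count every packet. The function names and the list-of-targets rule representation are assumptions made for the illustration; it models the expected behaviour only, not the miscompiled build.

```python
from collections import defaultdict

# Targets a rule can carry; any other string is a jump to a user-defined chain.
CONTINUE, RETURN, ACCEPT, DROP = "CONTINUE", "RETURN", "ACCEPT", "DROP"

def traverse(chains, policy, hook="INPUT", counters=None):
    """Walk one packet through the ruleset; return (verdict, counters).

    chains maps a chain name to a list of targets. Rules carry no match
    criteria (like the rules in the thread), so every rule reached matches.
    """
    counters = counters if counters is not None else defaultdict(int)
    stack = []                       # callers' (chain, next rule index)
    chain, idx = hook, 0
    while True:
        rules = chains[chain]
        if idx >= len(rules):        # fell off the end of the chain
            if not stack:
                return policy, counters      # built-in chain: policy decides
            chain, idx = stack.pop()         # user chain: implicit return
            continue
        target = rules[idx]
        counters[(chain, idx)] += 1          # packet counter of this rule
        if target in (ACCEPT, DROP):
            return target, counters
        if target == RETURN:
            if not stack:
                return policy, counters
            chain, idx = stack.pop()
        elif target == CONTINUE:
            idx += 1
        else:                                # jump: remember where to resume
            stack.append((chain, idx + 1))
            chain, idx = target, 0

# Constructed ruleset mirroring the commands in the thread.
RULESET = {"INPUT": ["user1", "user2", "user3"],
           "user1": [], "user2": [], "user3": []}

def jump_counts(packets=5):
    """Packet counts of the three INPUT jump rules after `packets` packets."""
    counters = defaultdict(int)
    for _ in range(packets):
        traverse(RULESET, ACCEPT, counters=counters)
    return [counters[("INPUT", i)] for i in range(3)]

if __name__ == "__main__":
    print(jump_counts())             # equal counts on user1, user2, user3
```

Counts that stop after the first jump rule, as reported in the thread, would correspond to the walk never resuming at the saved caller position.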