On Wednesday 2012-01-11 23:03, Ye Liu wrote:
>>>>> I need to setup iptables rules to tee the traffic, so I've tried to
>>>>> add the following rule:
>>>>> $> iptables -t mangle -A PREROUTING -j TEE --gateway xxx.xxx.xxx.xxx
>>>>> But the command gives an error, says
>>>>> $> iptables: Invalid argument. Run `dmesg' for more information.
>>>>
>>>> xxx.xxx.xxx.xxx is of course not a valid IP address.
>>
>> Forget Jan, he once again proved he's the biggest asshole on the list.
>
>LOL

It's a form of Godwin's law (and some people - like Mart - just have to openly state they have nothing better to do).

>I did more researches, and one thread in this list suggested I should
>use iptables < 1.4.8 for kernel < 2.6.35, so I tried iptables 1.4.7,
>but got the same result. Here is command-line output:
>
>$ iptables -t mangle -A PREROUTING -j TEE --gateway 192.9.200.29 -v
>TEE all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 TEE gw:192.9.200.29
>iptables: Invalid argument. Run `dmesg' for more information.

Here is the fix I have come up with. Upload to SF is currently out of order, so it is not yet in the git repository.

parent aee5aedc63d0bc2d9a826c5e936b83295de20aa9 (v1.41)
commit a6b06502cace4f921a6b4f56cce81f09446cc34b
Author: Jan Engelhardt <jengelh@xxxxxxxxxx>
Date: Thu Jan 12 09:21:39 2012 +0100

compat_xtables: fixed mistranslation of checkentry return values

--- doc/api/2.6.17.c | 4 ++-- doc/api/2.6.19.c | 4 ++-- doc/changelog.txt | 3 +++ extensions/compat_xtables.c | 8 -------- 4 files changed, 7 insertions(+), 12 deletions(-) diff --git a/doc/api/2.6.17.c b/doc/api/2.6.17.c index 3b56e47..08a431d 100644 --- a/doc/api/2.6.17.c +++ b/doc/api/2.6.17.c @@ -13,7 +13,7 @@ match: int *hotdrop, ); - /* error code */ + /* true/false */ int (*checkentry)( const char *tablename, @@ -45,7 +45,7 @@ target: void *userdata, ); - /* error code */ + /* true/false */ int (*checkentry)( const char *tablename, diff --git a/doc/api/2.6.19.c b/doc/api/2.6.19.c index 9bc658f..5fd48da 100644
--- a/doc/api/2.6.19.c +++ b/doc/api/2.6.19.c @@ -13,7 +13,7 @@ match: int *hotdrop, ); - /* error code */ + /* true/false */ int (*checkentry)( const char *tablename, @@ -42,7 +42,7 @@ target: const void *targinfo, ); - /* error code */ + /* true/false */ int (*checkentry)( const char *tablename, diff --git a/doc/changelog.txt b/doc/changelog.txt index 2ece6be..48d5436 100644 --- a/doc/changelog.txt +++ b/doc/changelog.txt @@ -1,6 +1,9 @@ HEAD ==== +Fixes: +- compat_xtables: fixed mistranslation of checkentry return values + (affected kernels < 2.6.23) v1.41 (2012-01-04) diff --git a/extensions/compat_xtables.c b/extensions/compat_xtables.c index c5b67a4..26f6a00 100644 --- a/extensions/compat_xtables.c +++ b/extensions/compat_xtables.c @@ -110,11 +110,7 @@ static bool xtnu_match_check(const char *table, const void *entry, return false; if (nm->checkentry == NULL) return true; -#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 23) - return nm->checkentry(&local_par); -#else return nm->checkentry(&local_par) == 0; -#endif } #endif #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && \ @@ -322,11 +318,7 @@ static bool xtnu_target_check(const char *table, const void *entry, if (nt->checkentry == NULL) /* this is valid, just like if there was no function */ return true; -#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 23) - return nt->checkentry(&local_par); -#else return nt->checkentry(&local_par) == 0; -#endif } #endif -- # Created with git-export-patch
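
Review bot: in extensions/compat_xtables.c, the final return of both xtnu_match_check and xtnu_target_check now relies on an uncommented "== 0", and the removed #if branch shows how easily the polarity gets mistaken. A short comment above each return, saying that nm->checkentry / nt->checkentry report 0 on success and an error code otherwise while the wrapper itself returns bool, would protect the next compat change. The same comment could note that the comparison collapses every non-zero error code into a plain false, so the specific reason for a rejected rule is not passed on by these wrappers.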
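
Review bot: in doc/api/2.6.17.c and doc/api/2.6.19.c, the new "/* true/false */" comment sits above a prototype that still reads "int (*checkentry)(" and does not say which value accepts the rule. Since the bug being fixed was exactly a swapped polarity, spell it out in all four places, for example "/* true (non-zero) on success, false (0) on failure */", so a reader of the API notes does not have to infer it from the int return type.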