| Message ID | 50CF1071.1050405@mojatatu.com |
|---|---|
| State | Not Applicable |
| Headers | show |
On Mon, 17 Dec 2012 07:30:41 -0500 Jamal Hadi Salim <jhs@mojatatu.com> wrote: > On 12-12-16 03:41 PM, Jamal Hadi Salim wrote: > > > > There is an "intermediate solution" from Hasan which doesnt require > > the kernel change. It changes the kernel endpoint to "ipt". I am > > conflicted because it is a quick hack while otoh forcing people to > > upgrade kernel is a usability issue. > > > > > Attached. Author is Hasan - I didnt sign it because i am looking for > feedback and i find it distasteful but it solves the problem. > This is needed until we have a proper fix in the kernel propagated. > Once that kernel change is ubiquitous this change is noise and a > maintanance pain. I am making it hard to even turn it on > (i.e someone knowledgeable will have to compile with CONFIG_XT_HACK) > > cheers, > jamal > > Maybe xtables should have stable API/ABI and use shim routines there? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 12-12-17 11:10 AM, Hasan Chowdhury wrote: > Juts noticed , the attached patch does not have the modification for > m_xt.c , without it ,I guess this patch is not going to work. Thats in the first patch i sent out which I hope Stephen will apply right away. This one depends on that. So you must apply that patch, then this. cheers, jamal -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 12-12-17 11:12 AM, Stephen Hemminger wrote: > > Maybe xtables should have stable API/ABI and use shim routines there? Thats the general direction being taken now with this last changes... cheers, jamal -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 12-12-18 09:45 AM, Hasan Chowdhury wrote: > Hi Jamal, > > Thanks for all the help and the information. I will keep tune myself so > when the proper path from kernel side will show up I will integrate it > into my system to test it. > Yikes. I guess i never posted that? Will do it shortly. cheers, jamal -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/tc/m_action.c b/tc/m_action.c index 1fe2431..fa9a7c8 100644 --- a/tc/m_action.c +++ b/tc/m_action.c @@ -209,10 +209,17 @@ done0: tail = NLMSG_TAIL(n); addattr_l(n, MAX_MSG, ++prio, NULL, 0); + /*XXX: hack to work around old kernels, newer xtables */ +#ifdef CONFIG_XT_HACK + if (strncmp(k,"xt",2)==0) + addattr_l(n, MAX_MSG, TCA_ACT_KIND, "ipt" , strlen("ipt") + 1); + else + addattr_l(n, MAX_MSG, TCA_ACT_KIND, k, strlen(k) + 1); +#else addattr_l(n, MAX_MSG, TCA_ACT_KIND, k, strlen(k) + 1); +#endif ret = a->parse_aopt(a,&argc, &argv, TCA_ACT_OPTIONS, n); - if (ret < 0) { fprintf(stderr,"bad action parsing\n"); goto bad_val; @@ -259,7 +266,15 @@ tc_print_one_action(FILE * f, struct rtattr *arg) } + /*XXX: hack to work around old kernels, newer xtables */ +#ifdef CONFIG_XT_HACK + if (strcmp(RTA_DATA(tb[TCA_ACT_KIND]), "ipt")==0) + a = get_action_kind("xt"); + else + a = get_action_kind(RTA_DATA(tb[TCA_ACT_KIND])); +#else a = get_action_kind(RTA_DATA(tb[TCA_ACT_KIND])); +#endif if (NULL == a) return err;