I am looking to route packets through a specific address on the other side of a couple of layers of IP Masquerading. My understanding is I need to use iproute for this (or at least that''s the best way to get it to work). The trouble is, I can''t get the program to do anything. Whenever I run a basic command such as "ip link list" I get "Cannot send dump request: Connection refused". Networking is functional, and every other networking command works as expected, including the standard "route" command. I''m running a Debian 2.2 system with the iproute package installed. I first tried with the included kernel, but it wouldn''t work, so I rolled my own (version 2.2.17) to see if that would let me use the command. I think I''ve turned everything required on: Here''s the network entries from the .config file for my current kernel: [snip] # # Networking options # CONFIG_PACKET=y CONFIG_NETLINK=y CONFIG_RTNETLINK=y CONFIG_NETLINK_DEV=y CONFIG_FIREWALL=y CONFIG_FILTER=y CONFIG_UNIX=y CONFIG_INET=y # CONFIG_IP_MULTICAST is not set CONFIG_IP_ADVANCED_ROUTER=y CONFIG_RTNETLINK=y CONFIG_NETLINK=y CONFIG_IP_MULTIPLE_TABLES=y # CONFIG_IP_ROUTE_MULTIPATH is not set # CONFIG_IP_ROUTE_TOS is not set CONFIG_IP_ROUTE_VERBOSE=y CONFIG_IP_ROUTE_LARGE_TABLES=y CONFIG_IP_ROUTE_NAT=y # CONFIG_IP_PNP is not set CONFIG_IP_FIREWALL=y CONFIG_IP_FIREWALL_NETLINK=y CONFIG_NETLINK_DEV=y CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_TRANSPARENT_PROXY=y CONFIG_IP_MASQUERADE=y CONFIG_IP_MASQUERADE_ICMP=y CONFIG_IP_ROUTER=y CONFIG_NET_IPIP=m CONFIG_NET_IPGRE=m CONFIG_IP_ALIAS=y # CONFIG_SYN_COOKIES is not set # CONFIG_INET_RARP is not set CONFIG_SKB_LARGE=y # CONFIG_IPX is not set # CONFIG_ATALK is not set [snip] Can anyone help me figure out what I am missing? Thank you very much. -David Zoll
bert hubert wrote:> > On Thu, Oct 26, 2000 at 05:03:01PM -0400, David Zoll wrote: > > > I''m running a Debian 2.2 system with the iproute package installed. I > > first tried with the included kernel, but it wouldn''t work, so I rolled > > my own (version 2.2.17) to see if that would let me use the command. I > > think I''ve turned everything required on: > > Did the included version give the exact same error?I believe it did.> This is very weird. Can you verify with ''uname -a'' that you are running the > kernel you think you are running?Yes I am.> Attached is the output of ''strace /sbin/ip link list'', which you can verify > with yours to see what is happening differently.[snip]> > execve("/sbin/ip", ["/sbin/ip", "link", "list"], [/* 30 vars */]) = 0This line is "execve("/sbin/ip", ["/sbin/ip", "link", "list", "3"], [/* 20 vars */]) = 0" for me. I used the exact same syntax to run it. The bulk of the rest is similar enough until the sendto line. I get handle number 3 rather than 4, sizes are different, and the contents of buffers have minor differences. It appears to bind to the socket it eventually chokes on just fine.> sendto(4, "\24\0\0\0\22\0\1\3]\236\3709\0\0\0\0\21\0\0\0", 20, 0, {sin_family=AF_NETLINK, {sa_family=16, sa_data="\0\0\0\0\0\0\0\0\0\0\24\0\0\0"}, 12) = 20Here I get "sendto(3, "\24\0\0\0\22\0\1\3\205\241\3709\0\0\0\0\21\0\0\0", 20, 0, {sin_family=AF_NETLINK, {sa_family=16, sa_data="\0\0\0\0\0\0\0\0\0\0\2 4\0\0\0"}, 12) = -1 ECONNREFUSED (Connection refused)" From this point, it writes the error message and exits rather than continuing on with brk(0). -David Zoll
On Thu, Oct 26, 2000 at 05:03:01PM -0400, David Zoll wrote:> I''m running a Debian 2.2 system with the iproute package installed. I > first tried with the included kernel, but it wouldn''t work, so I rolled > my own (version 2.2.17) to see if that would let me use the command. I > think I''ve turned everything required on:Did the included version give the exact same error? This is very weird. Can you verify with ''uname -a'' that you are running the kernel you think you are running? Attached is the output of ''strace /sbin/ip link list'', which you can verify with yours to see what is happening differently. Regards, bert hubert execve("/sbin/ip", ["/sbin/ip", "link", "list"], [/* 30 vars */]) = 0 brk(0) = 0x805dce4 open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=19370, ...}) = 0 old_mmap(NULL, 19370, PROT_READ, MAP_PRIVATE, 4, 0) = 0x40014000 close(4) = 0 open("/lib/libresolv.so.2", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=46576, ...}) = 0 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \''\0\000"..., 4096) = 4096 old_mmap(NULL, 59420, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40019000 mprotect(0x40024000, 14364, PROT_NONE) = 0 old_mmap(0x40024000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0xa000) = 0x40024000 old_mmap(0x40026000, 6172, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40026000 close(4) = 0 open("/lib/libc.so.6", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0755, st_size=888596, ...}) = 0 read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\244\213"..., 4096) = 4096 old_mmap(NULL, 902972, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40028000 mprotect(0x400fd000, 30524, PROT_NONE) = 0 old_mmap(0x400fd000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0xd4000) = 0x400fd000 old_mmap(0x40101000, 14140, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40101000 close(4) = 0 munmap(0x40014000, 19370) = 0 personality(PER_LINUX) = 0 getpid() = 32233 socket(PF_NETLINK, SOCK_RAW, 0) = 4 bind(4, {sin_family=AF_NETLINK, {sa_family=16, sa_data="\0\0\0\0\0\0\0\0\0\0\205\234\0@"}, 12) = 0 getsockname(4, {sin_family=AF_NETLINK, {sa_family=16, sa_data="\0\0\351}\0\0\0\0\0\0\205\234\0@"}, [12]) = 0 time(NULL) = 972594780 sendto(4, "\24\0\0\0\22\0\1\3]\236\3709\0\0\0\0\21\0\0\0", 20, 0, {sin_family=AF_NETLINK, {sa_family=16, sa_data="\0\0\0\0\0\0\0\0\0\0\24\0\0\0"}, 12) = 20 recvmsg(4, {msg_name(12)={sin_family=AF_NETLINK, {sa_family=16, sa_data="\0\0\0\0\0\0\0\0\0\0\264\0\0\0"}, msg_iov(1)=[{"\264\0\0\0\20\0\2\0]\236\3709\351}\0\0\0\0\4\3\1\0\0\0"..., 8192}], msg_controllen=0, msg_flags=0}, 0) = 368 brk(0) = 0x805dce4 brk(0x805ddb4) = 0x805ddb4 brk(0x805e000) = 0x805e000 recvmsg(4, {msg_name(12)={sin_family=AF_NETLINK, {sa_family=16, sa_data="&\301\0\0\0\0\0\0\0\0\24\0\0\0"}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0]\236\3709\351}\0\0\0\0\0\0\1\0\0\0I\0"..., 8192}], msg_controllen=0, msg_flags=0}, 0) = 20 fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(3, 1), ...}) = 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000 ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 5 ioctl(5, 0x8942, 0xbfffe9ac) = 0 close(5) = 0 write(1, "1: lo: <LOOPBACK,UP> mtu 16192 q"..., 46) = 46 write(1, " link/loopback 00:00:00:00:00"..., 58) = 58 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 5 ioctl(5, 0x8942, 0xbfffe9ac) = 0 close(5) = 0 write(1, "2: eth0: <BROADCAST,MULTICAST,UP"..., 69) = 69 write(1, " link/ether 00:00:e8:58:b6:31"..., 55) = 55 munmap(0x40014000, 4096) = 0 _exit(0) = ? -- PowerDNS Versatile DNS Services Trilab The Technology People ''SYN! .. SYN|ACK! .. ACK!'' - the mating call of the internet
bert hubert wrote:> > On Thu, Oct 26, 2000 at 05:49:50PM -0400, David Zoll wrote: > > > The bulk of the rest is similar enough until the sendto line. I get > > handle number 3 rather than 4, sizes are different, and the contents of > > The reason you get 3 is that I sent the output to a file, which took file > descriptor. Well, you''ve lost me here, try posting on the linux-kernel list. > I think something is broken.My fault, your first instinct was the right one. I wasn''t running the kernel version I thought I was. Uname didn''t give me enough info to see that, but I noticed that lilo.conf wasn''t set up the way I had expected it, so it was still booting with the out-of-the-box Debian kernel. IP is working now. I''m planning to submit a wishlist item to Debian for a default kernel that supports iproute2, unless someone has beat me to it. Thanks alot for your help, -David Zoll
On Thu, Oct 26, 2000 at 05:49:50PM -0400, David Zoll wrote:> The bulk of the rest is similar enough until the sendto line. I get > handle number 3 rather than 4, sizes are different, and the contents ofThe reason you get 3 is that I sent the output to a file, which took file descriptor. Well, you''ve lost me here, try posting on the linux-kernel list. I think something is broken. Regards, bert hubert -- PowerDNS Versatile DNS Services Trilab The Technology People ''SYN! .. SYN|ACK! .. ACK!'' - the mating call of the internet