bugzilla-daemon at bugzilla.netfilter.org
2011-Apr-02 22:01 UTC
[Bug 712] New: iptables-save does not save correcly rateest bps parameter
http://bugzilla.netfilter.org/show_bug.cgi?id=712
Summary: iptables-save does not save correcly rateest bps
parameter
Product: iptables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: unknown
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: emiliolazozaia at gmail.com
Estimated Hours: 0.0
I have found something that may be a bug in iptables-save or in kernel
'rateest' code.
If I do:
# iptables -t mangle -A Balance -m conntrack --ctstate NEW -m rateest
--rateest1 wan1meter --rateest-bps 1000kbit --rateest-bps1 1000kbit
--rateest-gt --rateest2 wan2meter --rateest-delta -j CONNMARK --set-mark 1
its the corresponding line in iptables -L is:
CONNMARK all -- anywhere anywhere ctstate NEW
rateest match wan1meter delta bps 1000Kbit gt wan2meter delta bps 1000Kbit
CONNMARK set 0x1
so it seems to be right, but the line in iptables-save is:
-A Balance -m conntrack --ctstate NEW -m rateest --rateest1 wan1meter
--rateest-bps --rateest-gt --rateest2 wan2meter -j CONNMARK --set-xmark
0x1/0xffffffff
this seems to be wrong; after iptables-restore with the generated file, this
iptables rule becames:
CONNMARK all -- anywhere anywhere ctstate NEW
rateest match wan1meter bps gt wan2meter bps CONNMARK set 0x1
there is neither bps value nor delta parameter, like the saved iptables rule.
I guess the bug is in iptables-save and not in the kernel but really I don't
know if the kernel honours these parameters.
(iptables version 1.4.10, Debian kernel 2.6.38-2-amd64)
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2011-Jun-01 00:12 UTC
[Bug 712] iptables-save does not save correcly rateest bps parameter
http://bugzilla.netfilter.org/show_bug.cgi?id=712
Jan Engelhardt <jengelh at medozas.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jengelh at medozas.de
AssignedTo|netfilter- |jengelh at medozas.de
|buglog at lists.netfilter.org |
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2011-Jun-01 00:13 UTC
[Bug 712] iptables-save does not save correcly rateest bps parameter
http://bugzilla.netfilter.org/show_bug.cgi?id=712
Jan Engelhardt <jengelh at medozas.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Maybe Matching Threads
- [Bug 712] iptables-save does not save correcly rateest bps parameter
- [Bug 724] New: Iptables doesn't delete rules matching if target is RATEEST - patch attached
- Plot command drops part of the plot for large plots in multiple figure environment
- hfsc and bps
- [ANNOUNCE] iptables 1.4.14 release