Shorewall 4.4.4.1 on Ubuntu 8.04.3 LTS 2.6.24-25-server

I'm experimenting with traffic shaping and ran into an error. When I attempted to try out the simple Per-IP Traffic Shaping solution and added any flow= line to tcclasses or tcdevices I got an error during shorewall restart:

Unknown filter "flow", hence option "hash" is unparsable
ERROR: Command "tc filter add dev vlan10 protocol all prio 1 parent 11: handle 11 flow hash keys nfct-src divisor 1024" Failed

A "shorewall check" did not show any problem, but the restart left shorewall disabled after reporting the error.

I'm guessing that something is missing or too old. What should I be looking for?

Brad C

Brad Clarke wrote:
> Shorewall 4.4.4.1 on Ubuntu 8.04.3 LTS 2.6.24-25-server
>
> I'm experimenting with traffic shaping and ran into an error. When I
> attempted to try out the simple Per-IP Traffic Shaping solution and
> added any flow= line to tcclasses or tcdevices I got an error during
> shorewall restart:
>
> Unknown filter "flow", hence option "hash" is unparsable
> ERROR: Command "tc filter add dev vlan10 protocol all prio 1 parent
> 11: handle 11 flow hash keys nfct-src divisor 1024" Failed
>
> A "shorewall check" did not show any problem, but the restart left
> shorewall disabled after reporting the error.
>
>
> I'm guessing that something is missing or too old. What should I be looking for?

I suspect that Ubuntu 8.04 is too old to be able to use the 'flow' classifier.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Tom Eastep wrote:
> Brad Clarke wrote:
>> Shorewall 4.4.4.1 on Ubuntu 8.04.3 LTS 2.6.24-25-server
>>
>> I'm experimenting with traffic shaping and ran into an error. When I
>> attempted to try out the simple Per-IP Traffic Shaping solution and
>> added any flow= line to tcclasses or tcdevices I got an error during
>> shorewall restart:
>>
>> Unknown filter "flow", hence option "hash" is unparsable
>> ERROR: Command "tc filter add dev vlan10 protocol all prio 1 parent
>> 11: handle 11 flow hash keys nfct-src divisor 1024" Failed
>>
>> A "shorewall check" did not show any problem, but the restart left
>> shorewall disabled after reporting the error.
>>
>>
>> I'm guessing that something is missing or too old. What should I be looking for?
>
> I suspect that Ubuntu 8.04 is too old to be able to use the 'flow'
> classifier.

This is also a Ubuntu kernel 'feature'; Ubuntu kernels do not include support for 'flow' (disclaimer: I haven't checked the 9.10 server kernel but the 4.10 server kernel did not include that support).

The error you are seeing, however, indicates that your version of 'tc' does not support 'flow' filters either.

-Tom

Tom Eastep wrote:
> This is also a Ubuntu kernel 'feature'; Ubuntu kernels do not include
> support for 'flow' (disclaimer: I haven't checked the 9.10 server kernel
> but the 4.10 server kernel did not include that support)

Correction: 4.10 Ubuntu kernels *do* include this support.

-Tom

I'm confused, what's 4.10? :)

This search had me thinking I needed to be at least at 9.10 to get it by default:
http://packages.ubuntu.com/search?suite=karmic&arch=any&mode=filename&searchon=contents&keywords=cls_flow

Anything earlier than karmic doesn't seem to have it. They've also done some things in 9.10 that point toward moving away from 32-bit for servers, so I'd likely need to do a whole new 64-bit install of 9.10 to get where I need to be.

On the bright side, you've done such a good job with shorewall that the rest of my traffic shaping configuration is working great even though I barely understand what's happening. As the docs suggest, I don't seem to need this additional feature right now, so I'll worry about it when I need it (maybe after 10.04 LTS is released).

Thanks!

Brad C

On Thu, Dec 3, 2009 at 1:45 PM, Tom Eastep <teastep@shorewall.net> wrote:
> Tom Eastep wrote:
>
>> This is also a Ubuntu kernel 'feature'; Ubuntu kernels do not include
>> support for 'flow' (disclaimer: I haven't checked the 9.10 server kernel
>> but the 4.10 server kernel did not include that support)
>
> Correction: 4.10 Ubuntu kernels *do* include this support.
>
> -Tom
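
The thread separates two requirements for 'flow' filters: a tc binary that knows the filter type and a kernel that provides cls_flow. The following is an added example, not code from the thread or from Shorewall, that tells the two apart from a captured tc error and a kernel modules tree; the function names and the sample directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: tell apart the two reasons a 'flow' filter can fail.

# Kernel side: returns 0 if the modules tree in $1 provides cls_flow,
# either as a loadable module (plain or compressed) or in modules.builtin.
kernel_has_cls_flow() {
    moddir=${1:-/lib/modules/$(uname -r)}
    if [ -n "$(find "$moddir" -name 'cls_flow.ko*' 2>/dev/null | head -n 1)" ]; then
        return 0
    fi
    grep -q 'cls_flow\.ko' "$moddir/modules.builtin" 2>/dev/null
}

# Userspace side: returns 0 if the captured tc stderr in file $1 shows
# that tc itself did not recognise the 'flow' filter type.
tc_rejected_flow() {
    grep -q 'Unknown filter "flow"' "$1"
}

# $1 = modules tree, $2 = file holding tc's stderr.
# Prints which side lacks support: ok | tc | kernel | tc+kernel
diagnose_flow() {
    missing=""
    tc_rejected_flow "$2" && missing="tc"
    kernel_has_cls_flow "$1" || missing="${missing:+$missing+}kernel"
    echo "${missing:-ok}"
}

# Constructed sample: the error text quoted in this thread and an empty
# modules tree standing in for a kernel built without cls_flow.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/mods/kernel/net/sched"
    cat > "$tmp/tc.err" <<'EOF'
Unknown filter "flow", hence option "hash" is unparsable
EOF
    diagnose_flow "$tmp/mods" "$tmp/tc.err"   # neither side supports flow
    touch "$tmp/mods/kernel/net/sched/cls_flow.ko"
    diagnose_flow "$tmp/mods" "$tmp/tc.err"   # kernel fine, tc still too old
    rm -rf "$tmp"
}
demo
```

Called with no first argument, `kernel_has_cls_flow` inspects the running kernel's tree under /lib/modules.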