I am trying to use the Simple Traffic Shaping model in 4.5.2, and have come upon a problem. I am running CentOS v5.3, Kernel 2.6.18-92.1.18.el5

Unknown filter "flow", hence option "hash" is unparsable
ERROR: Command "tc filter add dev eth1 protocol all prio 1 parent 11: handle 11 flow hash keys nfct-src divisor 1024" Failed
Processing /etc/shorewall/stop ...

------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev

redbaron73@gmail.com wrote:
> I am trying to use the Simple Traffic Shaping model in 4.5.2, and have
> come upon a problem. I am running CentOS v5.3, Kernel 2.6.18-92.1.18.el5
>
> Unknown filter "flow", hence option "hash" is unparsable
> ERROR: Command "tc filter add dev eth1 protocol all prio 1 parent 11:
> handle 11 flow hash keys nfct-src divisor 1024" Failed
> Processing /etc/shorewall/stop ...

You must use a distribution less than 5 years old to use the latest Linux features.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Tom Eastep wrote:
> redbaron73@gmail.com wrote:
>> I am trying to use the Simple Traffic Shaping model in 4.5.2, and have
>> come upon a problem. I am running CentOS v5.3, Kernel 2.6.18-92.1.18.el5
>>
>> Unknown filter "flow", hence option "hash" is unparsable
>> ERROR: Command "tc filter add dev eth1 protocol all prio 1 parent 11:
>> handle 11 flow hash keys nfct-src divisor 1024" Failed
>> Processing /etc/shorewall/stop ...
>
> You must use a distribution less than 5 years old to use the latest
> Linux features.

I exaggerate, of course, but CentOS 5.3 is a very old distro to be trying the latest and greatest software on. You can bypass your current hurdle by not specifying the TYPE in tcinterfaces but you could very well run into other obstacles.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Tom...how old do you think CentOS 5.3 is?

On 1/4/10, Tom Eastep <teastep@shorewall.net> wrote:
> redbaron73@gmail.com wrote:
>> I am trying to use the Simple Traffic Shaping model in 4.5.2, and have
>> come upon a problem. I am running CentOS v5.3, Kernel 2.6.18-92.1.18.el5
>>
>> Unknown filter "flow", hence option "hash" is unparsable
>> ERROR: Command "tc filter add dev eth1 protocol all prio 1 parent 11:
>> handle 11 flow hash keys nfct-src divisor 1024" Failed
>> Processing /etc/shorewall/stop ...
>
> You must use a distribution less than 5 years old to use the latest
> Linux features.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>

--
Sent from my mobile device

Ok, that makes sense. I was googling to see if I missed something. The problem I ran into is that we are trying to deploy boxes running TrixBox as a firewall router and phone system. Guess we need to separate these functions.

On 1/4/10, Tom Eastep <teastep@shorewall.net> wrote:
> Tom Eastep wrote:
>> redbaron73@gmail.com wrote:
>>> I am trying to use the Simple Traffic Shaping model in 4.5.2, and have
>>> come upon a problem. I am running CentOS v5.3, Kernel 2.6.18-92.1.18.el5
>>>
>>> Unknown filter "flow", hence option "hash" is unparsable
>>> ERROR: Command "tc filter add dev eth1 protocol all prio 1 parent 11:
>>> handle 11 flow hash keys nfct-src divisor 1024" Failed
>>> Processing /etc/shorewall/stop ...
>>
>> You must use a distribution less than 5 years old to use the latest
>> Linux features.
>
> I exaggerate, of course, but CentOS 5.3 is a very old distro to be
> trying the latest and greatest software on. You can bypass your current
> hurdle by not specifying the TYPE in tcinterfaces but you could very
> well run into other obstacles.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>

--
Sent from my mobile device

On 01/05/2010 06:06 AM, Tom Eastep wrote:
> Tom Eastep wrote:
>> redbaron73@gmail.com wrote:
>>> I am trying to use the Simple Traffic Shaping model in 4.5.2, and have
>>> come upon a problem. I am running CentOS v5.3, Kernel 2.6.18-92.1.18.el5
>>>
>>> Unknown filter "flow", hence option "hash" is unparsable
>>> ERROR: Command "tc filter add dev eth1 protocol all prio 1 parent 11:
>>> handle 11 flow hash keys nfct-src divisor 1024" Failed
>>> Processing /etc/shorewall/stop ...
>>
>> You must use a distribution less than 5 years old to use the latest
>> Linux features.
>
> I exaggerate, of course, but CentOS 5.3 is a very old distro to be
> trying the latest and greatest software on. You can bypass your current
> hurdle by not specifying the TYPE in tcinterfaces but you could very
> well run into other obstacles.

centos-5.4 is the latest (redhat rebuild) so even if it's based on an old kernel imho shorewall should have to support the latest enterprise distro somehow...

--
Levente "Si vis pacem para bellum!"

Farkas Levente wrote:
> On 01/05/2010 06:06 AM, Tom Eastep wrote:
>> I exaggerate, of course, but CentOS 5.3 is a very old distro to be
>> trying the latest and greatest software on. You can bypass your current
>> hurdle by not specifying the TYPE in tcinterfaces but you could very
>> well run into other obstacles.
>
> centos-5.4 is the latest (redhat rebuild) so even if it's based on an
> old kernel imho shorewall should have to support the latest enterprise
> distro somehow...
>

Farkas,

I have every intention of supporting centos/rhel-5.*. But there may be shiny new features that are unavailable when running on old kernels. As in this case, I will try to offer a way to work around the lack of supporting kernel features.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

redbaron73@gmail.com wrote:
> As suspected, Yet another error:
>
> iptables-restore v1.3.5: Bad MARK value `1/255'

Iptables 1.3.5 ( included in Centos 5.3 ) doesn't support specification of a mask in --set-mark (or --and-mark or --or-mark). I'll see what I can do but it will be after work before I'm able to look at this further.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

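What the `1/255` in the rejected rule asks for, as an added example that is not from the thread or from Shorewall: `--set-mark value/mask` zeroes the mark bits selected by the mask and ORs the value in, so an iptables that accepts only a bare value overwrites the whole mark. The function names and the starting mark 0x200 are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names and the sample marks are constructed.

# to_int N: accept only decimal or 0x-prefixed hex, print N in decimal.
to_int() {
    case $1 in
        0[xX]*) case ${1#0[xX]} in ''|*[!0-9a-fA-F]*) return 1 ;; esac ;;
        ''|0?*|*[!0-9]*) return 1 ;;
    esac
    echo "$(($1))"
}

# apply_mark CURRENT SPEC: 32-bit packet mark after "--set-mark SPEC".
# SPEC is "value" or "value/mask"; a bare value acts as a full 32-bit mask.
apply_mark() {
    cur=$(to_int "$1") || return 1
    case $2 in
        */*) value=$(to_int "${2%%/*}") && mask=$(to_int "${2#*/}") || return 1 ;;
        *)   value=$(to_int "$2") || return 1
             mask=$((0xFFFFFFFF)) ;;
    esac
    # Clear the masked bits, OR in the value, keep the result to 32 bits.
    echo $(( ((cur & ~mask) | value) & 0xFFFFFFFF ))
}

# Constructed case: bits 8-15 already hold a value (0x200) set by another rule.
demo() { printf '%s -> %s\n' "mark $1, --set-mark $2" "$(apply_mark "$1" "$2")"; }
demo 0x200 1/255   # masked: only the low 8 bits change
demo 0x200 1       # unmasked: the bits above the low byte are lost
```
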
redbaron73@gmail.com wrote:
> I think CentOS is a great distribution, but not the best for a
> firewall/router device. What Distributions do you know of that include
> more of the missing features?

I personally run Debian Lenny. 4.5.2 can be installed on Lenny using the tarball.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Tom Eastep wrote:
> redbaron73@gmail.com wrote:
>> As suspected, Yet another error:
>
>> iptables-restore v1.3.5: Bad MARK value `1/255'
>
> Iptables 1.3.5 ( included in Centos 5.3 ) doesn't support specification
> of a mask in --set-mark (or --and-mark or --or-mark). I'll see what I
> can do but it will be after work before I'm able to look at this further.

I took a quick look at this and it was trivial to work around.

patch /usr/share/shorewall/Shorewall/Tc.pm < mark.diff

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Tom Eastep wrote:
> Tom Eastep wrote:
>> redbaron73@gmail.com wrote:
>>> As suspected, Yet another error:
>>> iptables-restore v1.3.5: Bad MARK value `1/255'
>> Iptables 1.3.5 ( included in Centos 5.3 ) doesn't support specification
>> of a mask in --set-mark (or --and-mark or --or-mark). I'll see what I
>> can do but it will be after work before I'm able to look at this further.
>
> I took a quick look at this and it was trivial to work around.
>
> patch /usr/share/shorewall/Shorewall/Tc.pm < mark.diff
>

Crap -- I attached the wrong patch. Correct patch this time.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________