Hi everyone, I am getting following error with xtables. RTNETLINK answers: Invalid argument We have an error talking to the kernel ERROR: Command "tc filter add dev eth0 protocol all parent 1:0 prio 276 handle 0 fw classid 1:10" Failed iptables-1.4.9.1 xtables-1.41 Shorewall-4.4.11.6 kernel-2.6.32-5-686 shorewall conf files: tcrules: RESTORE:F - - all CONTINUE:F - - all - - - !0 1:F - - ipp2p:all edk 1:F - - ipp2p:all dc 1:F - - ipp2p:all kazaa 1:F - - ipp2p:all bit 1:F - - ipp2p:all apple 1:F - - ipp2p:all winmx 1:F - - ipp2p:all soul 1:F - - ipp2p:all ares SAVE:F - - all - - - 1 tcdevices: eth0 100mbps 100mbps tun0 100mbps 100mbps tun1 100mbps 100mbps tcclasses: eth0 0 full/2 full 1 default eth0 1 1kbit 1kbit 2 tun0 0 full/4 full 1 default tun0 1 1kbit 1kbit 2 tun1 0 full/4 full 1 default tun1 1 1kbit 1kbit 2 Same setup working on other machines. Tried from module-assistant and source of different version of both xtables and iptables. Shorewall show capabilities showing all available and also shorewall check result ok. ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2
On 02/06/2012 01:53 AM, Azfar Hashmi wrote:> Hi everyone, > > I am getting following error with xtables. > > RTNETLINK answers: Invalid argument > We have an error talking to the kernel > ERROR: Command "tc filter add dev eth0 protocol all parent 1:0 prio > 276 handle 0 fw classid 1:10" FailedI have reproduced this problem; the ''handle 0'' part of the above command is the cause of the failure.> > iptables-1.4.9.1 > xtables-1.41 > Shorewall-4.4.11.6 > kernel-2.6.32-5-686 > shorewall conf files:I''ve attached a patch for Shorewall. Apply it using: patch /usr/share/shorewall/Shorewall/tc < FWMARK-11.6.patch I would be interested to hear which Shorewall and Kernel versions that you have successfully used this configuration on in the past. I don''t see how it could be dependent on the installed version of xtables-addons. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2
On 02/06/2012 07:42 AM, Tom Eastep wrote:> On 02/06/2012 01:53 AM, Azfar Hashmi wrote: >> Hi everyone, >> >> I am getting following error with xtables. >> >> RTNETLINK answers: Invalid argument >> We have an error talking to the kernel >> ERROR: Command "tc filter add dev eth0 protocol all parent 1:0 prio >> 276 handle 0 fw classid 1:10" Failed > > I have reproduced this problem; the ''handle 0'' part of the above command > is the cause of the failure.Please disregard my previous email. The problem is that you have ''0'' in the mark column of the tcclasses file. That is why the rule is being rejected. Replace ''0'' by ''2'' and it should work fine. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2
On 2/6/2012 8:42 PM, Tom Eastep wrote:> On 02/06/2012 01:53 AM, Azfar Hashmi wrote: >> Hi everyone, >> >> I am getting following error with xtables. >> >> RTNETLINK answers: Invalid argument >> We have an error talking to the kernel >> ERROR: Command "tc filter add dev eth0 protocol all parent 1:0 prio >> 276 handle 0 fw classid 1:10" Failed > I have reproduced this problem; the ''handle 0'' part of the above command > is the cause of the failure. > >> iptables-1.4.9.1 >> xtables-1.41 >> Shorewall-4.4.11.6 >> kernel-2.6.32-5-686 >> shorewall conf files: > I''ve attached a patch for Shorewall. Apply it using: > > patch /usr/share/shorewall/Shorewall/tc < FWMARK-11.6.patch > > I would be interested to hear which Shorewall and Kernel versions that > you have successfully used this configuration on in the past. I don''t > see how it could be dependent on the installed version of xtables-addons. > > Thanks, > -Tom > > > ------------------------------------------------------------------------------ > Try before you buy = See our experts in action! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-dev2 > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-usersHi Tom, That is not same as the problem is on Debian Squeeze and working on Lenny. Have you attached the patch for me? ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2
On 02/06/2012 08:19 AM, Azfar Hashmi wrote:> Hi Tom, > That is not same as the problem is on Debian Squeeze and working on Lenny. > > Have you attached the patch for me?As I stated in my previous email, the patch isn''t the correct solution. I have verified that your configuration also fails on Squeeze with xtables-addons 1.36 so I don''t know how it could have worked previously for you. I have also verified that it _does_ work with MARK 0 replaced by 2. Note that since 2 appears on the default class, a mark value of zero will also be assigned to that class. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2
On 02/06/2012 09:07 AM, Tom Eastep wrote:> On 02/06/2012 08:19 AM, Azfar Hashmi wrote: >> Hi Tom, >> That is not same as the problem is on Debian Squeeze and working on Lenny. >> >> Have you attached the patch for me? > > As I stated in my previous email, the patch isn''t the correct solution. > I have verified that your configuration also fails on Squeeze with > xtables-addons 1.36 so I don''t know how it could have worked previously > for you. I have also verified that it _does_ work with MARK 0 replaced > by 2. Note that since 2 appears on the default class, a mark value of > zero will also be assigned to that class.This issue has made it clear that there is no need to require a MARK on the default class. In Shorewall 4.5.1, I will eliminate that requirement so that the MARK column can simply contain ''-''. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2
Hi Tom, Thanks for the support. On 2/7/2012 3:30 AM, Tom Eastep wrote:> On 02/06/2012 09:07 AM, Tom Eastep wrote: >> On 02/06/2012 08:19 AM, Azfar Hashmi wrote: >>> Hi Tom, >>> That is not same as the problem is on Debian Squeeze and working onLenny.>>> >>> Have you attached the patch for me? >> >> As I stated in my previous email, the patch isn''t the correct solution. >> I have verified that your configuration also fails on Squeeze with >> xtables-addons 1.36 so I don''t know how it could have worked previously >> for you. I have also verified that it _does_ work with MARK 0 replaced >> by 2. Note that since 2 appears on the default class, a mark value of >> zero will also be assigned to that class. > > This issue has made it clear that there is no need to require a MARK on > the default class. In Shorewall 4.5.1, I will eliminate that requirement > so that the MARK column can simply contain ''-''. > > -Tom > > > ------------------------------------------------------------------------------ > Try before you buy = See our experts in action! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-dev2 > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d
Hi Tom, I am getting below error while patching. 1 out of 1 hunk FAILED -- saving rejects to file /usr/share/shorewall/Shorewall/tc.rej On 2/6/2012 8:42 PM, Tom Eastep wrote:> On 02/06/2012 01:53 AM, Azfar Hashmi wrote: >> Hi everyone, >> >> I am getting following error with xtables. >> >> RTNETLINK answers: Invalid argument >> We have an error talking to the kernel >> ERROR: Command "tc filter add dev eth0 protocol all parent 1:0 prio >> 276 handle 0 fw classid 1:10" Failed > > I have reproduced this problem; the ''handle 0'' part of the above command > is the cause of the failure. > >> >> iptables-1.4.9.1 >> xtables-1.41 >> Shorewall-4.4.11.6 >> kernel-2.6.32-5-686 >> shorewall conf files: > > I''ve attached a patch for Shorewall. Apply it using: > > patch /usr/share/shorewall/Shorewall/tc < FWMARK-11.6.patch > > I would be interested to hear which Shorewall and Kernel versions that > you have successfully used this configuration on in the past. I don''t > see how it could be dependent on the installed version of xtables-addons. > > Thanks, > -Tom > > > ------------------------------------------------------------------------------ > Try before you buy = See our experts in action! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-dev2 > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d
On 02/07/2012 07:05 AM, Azfar Hashmi wrote:> Hi Tom, > > I am getting below error while patching. > > 1 out of 1 hunk FAILED -- saving rejects to file > /usr/share/shorewall/Shorewall/tc.rej >For the third time, DO NOT APPLY THE PATCH! Change your tcclasses file instead. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d
Hi Tom, I did and its working now :) Thanks. On 2/7/2012 8:20 PM, Tom Eastep wrote:> On 02/07/2012 07:05 AM, Azfar Hashmi wrote: >> Hi Tom, >> >> I am getting below error while patching. >> >> 1 out of 1 hunk FAILED -- saving rejects to file >> /usr/share/shorewall/Shorewall/tc.rej >> > For the third time, DO NOT APPLY THE PATCH! > > Change your tcclasses file instead. > > -Tom > > > ------------------------------------------------------------------------------ > Keep Your Developer Skills Current with LearnDevNow! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-d2d > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d
Hi Tom, Yes I just changed the tc files. On 2/7/2012 8:20 PM, Tom Eastep wrote:> On 02/07/2012 07:05 AM, Azfar Hashmi wrote: >> Hi Tom, >> >> I am getting below error while patching. >> >> 1 out of 1 hunk FAILED -- saving rejects to file >> /usr/share/shorewall/Shorewall/tc.rej >> > > For the third time, DO NOT APPLY THE PATCH! > > Change your tcclasses file instead. > > -Tom > > > ------------------------------------------------------------------------------ > Keep Your Developer Skills Current with LearnDevNow! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-d2d > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d