On tis, 2009-01-06 at 02:50 +0200, Yevgeny Kosarzhevsky wrote:
> Package: iproute
> Version: 20080725-2
> Severity: important
>
> Seems iproute has been built against old version of iptables:
iproute uses runtime linking to find external modules, that's why these
problems are not caught at built-time. :(
>
> warp:~# tc filter add dev ppp0 parent ffff: protocol ip prio 10 u32 \
> > match u32 0 0 flowid 1:1 \
> > action ipt -j MARK --set-mark 1 \
> > action mirred egress redirect dev ifb0
> /lib/iptables/libipt_mark.so: cannot open shared object file: No such file or
> directory
> failed to find target MARK
> warp:~# find /lib -name "*mark.so"
> /lib/ebtables/libebt_mark.so
> /lib/xtables/libxt_connmark.so
> /lib/xtables/libxt_mark.so
> warp:~# iptables -V
> iptables v1.4.1.1
>
The iproute package in debian testing/unstable is new enough to contain
the below fix. Unfortunately it's not enough (atleast for debian)...
The problem seems to be that both libxt_MARK.so and libipt_MARK.so are
searched for in the /lib/iptables directory, while the libxt_* files are
actually in /lib/xtables/ ... That's why libxt_MARK.so isn't found.
It's possible to work around this by setting the IPTABLES_LIB_DIR
environment variable, but that only seems to give us other problems:
$ IPTABLES_LIB_DIR=/lib/xtables/ /sbin/tc filter add dev skif parent
ffff: protocol ip prio 10 u32 match u32 0 0 flowid 1:1 action ipt -j
MARK --set-mark 1 action mirred egress redirect dev ifb0
/lib/xtables//libxt_MARK.so: undefined symbol: mark
failed to find target MARK
bad action parsing
parse_action: bad value (11:ipt)!
Illegal "action"
I'll look into this problem more soon, and also try to find out if
putting libxt* in /lib/xtables/ rather then /lib/iptables/ is something
debian specific or if that should be fixed upstream....
> The reply from iproute developer Jamal Hadi Salim <h...@cyberus.ca> was:
>
> Upgrade to latest iproute2 - probably from git tree which should fix
> this in the following commit:
> -----
>
> commit 53c017880b311d7d68926109d4248c900286f6b7
...
PS. For the absolutely latest iproute version (as there has been no
additional commits in upstream git since the last "v2.6.27" release),
build from debians "pkg-iproute" git repo:
git clone git://git.debian.org/git/collab-maint/pkg-iproute
apt-get build-dep iproute
apt-get install git-buildpackage build-essentials
cd pkg-iproute
git-buildpackage
--
Regards,
Andreas Henriksson
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
