[Bug 712] New: iptables-save does not save correctly rateest bps parameter

bugzilla-daemon at bugzilla.netfilter.org
Sun Apr 3 00:01:02 CEST 2011


http://bugzilla.netfilter.org/show_bug.cgi?id=712

           Summary: iptables-save does not save correctly rateest bps
                    parameter
           Product: iptables
           Version: unspecified
          Platform: x86_64
        OS/Version: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: unknown
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: emiliolazozaia at gmail.com
   Estimated Hours: 0.0


I have found something that may be a bug in iptables-save or in the kernel
'rateest' code.

If I do:

# iptables -t mangle -A Balance -m conntrack --ctstate NEW -m rateest \
    --rateest1 wan1meter --rateest-bps 1000kbit --rateest-bps1 1000kbit \
    --rateest-gt --rateest2 wan2meter --rateest-delta -j CONNMARK --set-mark 1

the corresponding line in iptables -L is:

CONNMARK   all  --  anywhere             anywhere            ctstate NEW rateest match wan1meter delta bps 1000Kbit gt wan2meter delta bps 1000Kbit CONNMARK set 0x1

so it seems to be right, but the line in iptables-save is:

-A Balance -m conntrack --ctstate NEW -m rateest --rateest1 wan1meter --rateest-bps --rateest-gt --rateest2 wan2meter -j CONNMARK --set-xmark 0x1/0xffffffff

this seems to be wrong; after iptables-restore with the generated file, this
iptables rule becomes:

CONNMARK   all  --  anywhere             anywhere            ctstate NEW rateest match wan1meter bps gt wan2meter bps CONNMARK set 0x1

there is neither bps value nor delta parameter, like the saved iptables rule.


I guess the bug is in iptables-save and not in the kernel but really I don't
know if the kernel honours these parameters.

(iptables version 1.4.10, Debian kernel 2.6.38-2-amd64)
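
Added example, not part of the original report and not netfilter project code: a small check that compares the rateest options of the rule as typed with the line iptables-save printed, so options lost on the save/restore round trip are caught before a restored ruleset is trusted. The function names match_options and lost_in_save are hypothetical; both rule strings are copied from the report.

```python
import shlex

# Rule as typed and as printed by iptables-save, both copied from the report.
INTENDED = ("-A Balance -m conntrack --ctstate NEW -m rateest --rateest1 wan1meter "
            "--rateest-bps 1000kbit --rateest-bps1 1000kbit --rateest-gt "
            "--rateest2 wan2meter --rateest-delta -j CONNMARK --set-mark 1")
SAVED = ("-A Balance -m conntrack --ctstate NEW -m rateest --rateest1 wan1meter "
         "--rateest-bps --rateest-gt --rateest2 wan2meter "
         "-j CONNMARK --set-xmark 0x1/0xffffffff")


def match_options(rule, match):
    """Return {option: value or None} for the '-m <match>' part of a rule."""
    tokens, opts, inside, i = shlex.split(rule), {}, False, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-m", "--match"):
            inside = tokens[i + 1:i + 2] == [match]
            i += 2
            continue
        if tok in ("-j", "--jump", "-g", "--goto"):
            break  # target options (e.g. --set-mark) are not match options
        if inside and tok.startswith("--"):
            values = []
            # Values are the tokens up to the next option or '!' negation.
            while i + 1 < len(tokens) and not tokens[i + 1].startswith(("-", "!")):
                i += 1
                values.append(tokens[i])
            opts[tok] = " ".join(values) or None
        i += 1
    return opts


def lost_in_save(intended, saved, match="rateest"):
    """List (option, intended value, saved value) for options that changed."""
    want, got = match_options(intended, match), match_options(saved, match)
    problems = []
    for opt, value in want.items():
        if opt not in got:
            problems.append((opt, value, "<missing>"))
        elif got[opt] != value:
            problems.append((opt, value, got[opt]))
    return problems


if __name__ == "__main__":
    for opt, want, got in lost_in_save(INTENDED, SAVED):
        print(f"{opt}: intended {want!r}, saved {got!r}")
```

Only the rateest match section is compared, so the --set-mark to --set-xmark rewrite in the target part is not reported as a difference.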

