[Bug 712] New: iptables-save does not save correcly rateest bps parameter
bugzilla-daemon at bugzilla.netfilter.org
bugzilla-daemon at bugzilla.netfilter.org
Sun Apr 3 00:01:02 CEST 2011
http://bugzilla.netfilter.org/show_bug.cgi?id=712
Summary: iptables-save does not save correcly rateest bps
parameter
Product: iptables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: unknown
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: emiliolazozaia at gmail.com
Estimated Hours: 0.0
I have found something that may be a bug in iptables-save or in kernel
'rateest' code.
If I do:
# iptables -t mangle -A Balance -m conntrack --ctstate NEW -m rateest
--rateest1 wan1meter --rateest-bps 1000kbit --rateest-bps1 1000kbit
--rateest-gt --rateest2 wan2meter --rateest-delta -j CONNMARK --set-mark 1
its the corresponding line in iptables -L is:
CONNMARK all -- anywhere anywhere ctstate NEW
rateest match wan1meter delta bps 1000Kbit gt wan2meter delta bps 1000Kbit
CONNMARK set 0x1
so it seems to be right, but the line in iptables-save is:
-A Balance -m conntrack --ctstate NEW -m rateest --rateest1 wan1meter
--rateest-bps --rateest-gt --rateest2 wan2meter -j CONNMARK --set-xmark
0x1/0xffffffff
this seems to be wrong; after iptables-restore with the generated file, this
iptables rule becames:
CONNMARK all -- anywhere anywhere ctstate NEW
rateest match wan1meter bps gt wan2meter bps CONNMARK set 0x1
there is neither bps value nor delta parameter, like the saved iptables rule.
I guess the bug is in iptables-save and not in the kernel but really I don't
know if the kernel honours these parameters.
(iptables version 1.4.10, Debian kernel 2.6.38-2-amd64)
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
More information about the netfilter-buglog
mailing list