ipchains behaviour on sparc

Marc Duponcheel (mduponch@cisco.com)
Sat, 22 Aug 1998 18:22:04 +0200


Someone recently posted a 'problem' on sparc in that ipchains
on sparc seems to be unable to take into account protos and ports.

This is indeed so.

Since I can test this on 2.1.115 for i386, m68k and sparc
I thought I would add the evidence in a posting. In short: it works on i386 and
m68k but not on sparc. Note that ipchains works on the sparc but not up to
the fine grain level of protos and ports: prot always shows 'all' and ports
always shows 'n/a'.

1. on i386
root@tecra-brew:~ # [bash] ipchains -A output -p TCP -d 192.168.168.0/24 -s 0/0 www
root@tecra-brew:~ # [bash] ipchains -L output -v -n
Chain output (policy ACCEPT: 128653 packets, 13288999 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 - tcp ------ 0xFF 0x00 * 0.0.0.0/0 192.168.168.0/24 80 -> *
root@tecra-brew:~ # [bash] cat /proc/net/ip_fwchains
output 00000000/00000000->C0A8A800/FFFFFF00 - 10 0 6 0 0 0 0 80-80 0-65535 AFF X00 00000000 0 0 -
root@tecra-brew:~ # [bash] ipchains -D output 1

2. on m68k
root@linux-amiga:~ # [bash] ipchains -A output -p TCP -d 192.168.168.0/24 -s 0/0 www
root@linux-amiga:~ # [bash] ipchains -L output -v -n
Chain output (policy ACCEPT: 18858 packets, 1723240 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 - tcp ------ 0xFF 0x00 * 0.0.0.0/0 192.168.168.0/24 80 -> *
root@linux-amiga:~ # [bash] cat /proc/net/ip_fwchains
output 00000000/00000000->C0A8A800/FFFFFF00 - 10 0 6 0 0 0 0 80-80 0-65535 AFF X00 00000000 0 0 -
root@linux-amiga:~ # [bash] ipchains -D output 1

3. on sparc (which is my masquerading host)
root@sparc-brew:~ # [bash] ipchains -D output 7
root@sparc-brew:~ # [bash] ipchains -A output -p TCP -d 192.168.168.0/24 -s 0/0 www
root@sparc-brew:~ # [bash] ipchains -L output -v -n
Chain output (policy ACCEPT: 146990 packets, 16444868 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
136K 11M - all ------ 0xFF 0x00 * 0.0.0.0/0 192.168.168.0/24 n/a
135K 11M - all ------ 0xFF 0x00 * 192.168.168.0/24 0.0.0.0/0 n/a
0 0 - all ------ 0xFF 0x00 * 0.0.0.0/0 171.68.148.42 n/a
5436 529K - all ------ 0xFF 0x00 * 171.68.148.42 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 ppp0 0.0.0.0/0 192.168.168.203 n/a
0 0 DENY all ------ 0xFF 0x00 * 0.0.0.0/0 192.168.168.203 n/a
0 0 - all ------ 0xFF 0x00 * 0.0.0.0/0 192.168.168.0/24 n/a
root@sparc-brew:~ # [bash] cat /proc/net/ip_fwchains
input C0A8A800/FFFFFF00->00000000/00000000 - 0 0 0 0 149741 0 15448615 0-0 0-0 AFF X00 00000000 0 0 -
input 00000000/00000000->C0A8A800/FFFFFF00 - 0 0 0 0 148919 0 15376048 0-0 0-0 AFF X00 00000000 0 0 -
input AB44942A/FFFFFFFF->00000000/00000000 - 0 0 0 0 409 0 142216 0-0 0-0 AFF X00 00000000 0 0 -
input 00000000/00000000->AB44942A/FFFFFFFF - 0 0 0 0 8585 0 6476097 0-0 0-0 AFF X00 00000000 0 0 -
forward C0A8A800/FFFFFF00->00000000/00000000 - 0 0 0 0 842 0 73847 0-0 0-0 AFF X00 00000000 0 0 MASQ
output 00000000/00000000->C0A8A800/FFFFFF00 - 0 0 0 0 136018 0 11389175 0-0 0-0 AFF X00 00000000 0 0 -
output C0A8A800/FFFFFF00->00000000/00000000 - 0 0 0 0 135363 0 11102160 0-0 0-0 AFF X00 00000000 0 0 -
output 00000000/00000000->AB44942A/FFFFFFFF - 0 0 0 0 0 0 0 0-0 0-0 AFF X00 00000000 0 0 -
output AB44942A/FFFFFFFF->00000000/00000000 - 0 0 0 0 5465 0 530964 0-0 0-0 AFF X00 00000000 0 0 -
output 00000000/00000000->C0A8A8CB/FFFFFFFF ppp0 0 0 0 0 0 0 0 0-0 0-0 AFF X00 00000000 0 0 DENY
output 00000000/00000000->C0A8A8CB/FFFFFFFF - 0 0 0 0 0 0 0 0-0 0-0 AFF X00 00000000 0 0 DENY
output 00000000/00000000->C0A8A800/FFFFFF00 - 0 0 0 0 0 0 0 0-0 0-0 AFF X00 00000000 0 0 -

Greetings,

--- Cisco Systems ---
Marc Duponcheel mduponch@cisco.com tel: +32 2 778 42 40
CATS Team TAC Brussels ---*--- pager: +32 452 53 30 01
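
A check for the failure shown above, as an added example that is not part of the original post: it parses /proc/net/ip_fwchains text and reports whether a rule kept its protocol and source-port match or was recorded with protocol 0 ('all'), which makes the rule broader than the one requested. The field positions (protocol in the sixth column, port ranges in the eleventh and twelfth) are an assumption inferred from the sample lines in the post, and the function names are hypothetical.

```python
import ipaddress

def hexnet(cidr):
    """'192.168.168.0/24' -> 'C0A8A800/FFFFFF00', the notation used in /proc."""
    net = ipaddress.ip_network(cidr)
    return "%08X/%08X" % (int(net.network_address), int(net.netmask))

def parse_fwchains(text):
    """Parse ip_fwchains text into dicts; lines with an unexpected field count are skipped."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 18:  # assumption: 18 whitespace-separated fields, as in the post
            continue
        src, dst = f[1].split("->")
        rules.append({
            "chain": f[0], "src": src, "dst": dst, "proto": int(f[5]),
            "sports": tuple(map(int, f[10].split("-"))),
            "dports": tuple(map(int, f[11].split("-"))),
            "target": f[17],
        })
    return rules

def check_installed(text, chain, src, dst, proto, sports):
    """Return 'ok', 'widened' (same addresses but protocol 0, shown as 'all'), or 'missing'."""
    same_addr = [r for r in parse_fwchains(text)
                 if (r["chain"], r["src"], r["dst"]) == (chain, hexnet(src), hexnet(dst))]
    if any(r["proto"] == proto and r["sports"] == sports for r in same_addr):
        return "ok"
    if any(r["proto"] == 0 for r in same_addr):
        return "widened"
    return "missing"

# The two /proc lines below are copied from the i386 and sparc sessions in the post.
I386 = "output 00000000/00000000->C0A8A800/FFFFFF00 - 10 0 6 0 0 0 0 80-80 0-65535 AFF X00 00000000 0 0 -"
SPARC = "output 00000000/00000000->C0A8A800/FFFFFF00 - 0 0 0 0 0 0 0 0-0 0-0 AFF X00 00000000 0 0 -"
# The rule requested in the post: -A output -p TCP -d 192.168.168.0/24 -s 0/0 www
WANT = ("output", "0.0.0.0/0", "192.168.168.0/24", 6, (80, 80))

if __name__ == "__main__":
    for name, text in (("i386", I386), ("sparc", SPARC)):
        print(name, check_installed(text, *WANT))
```

Running the same check after every rule load catches the case where a listing looks complete by address but every entry has been recorded as 'all'.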
