* nftables_0.7 not working
[not found] <CAKO9uzqsbZso--U487egNqGJ7qzFpTxG-jLP-Xcrpi+w0y-TZA@mail.gmail.com>
@ 2022-08-01 12:41 ` Maik Vermeulen
2022-08-01 13:51 ` [yocto] " Quentin Schulz
0 siblings, 1 reply; 5+ messages in thread
From: Maik Vermeulen @ 2022-08-01 12:41 UTC (permalink / raw)
To: yocto
[-- Attachment #1: Type: text/plain, Size: 6409 bytes --]
Hi,
I added the following to our image recipe:
IMAGE_INSTALL_append = " nftables"
When running that image, nftables seems to be included, but we get the
following error:
~# nft
../../nftables-0.7/src/netlink.c:59: Unable to initialize Netlink socket:
Protocol not supported
Furthermore, it's not showing in lsmod, and also not in modprobe
--showconfigs.
This is the active kernel config:
root@agent336:~# zcat /proc/config.gz | grep "CONFIG_NF_\|CONFIG_NETFILTER_"
CONFIG_NETFILTER_ADVANCED=y
CONFIG_NETFILTER_INGRESS=y
# CONFIG_NETFILTER_NETLINK_ACCT is not set
# CONFIG_NETFILTER_NETLINK_QUEUE is not set
# CONFIG_NETFILTER_NETLINK_LOG is not set
CONFIG_NF_CONNTRACK=m
CONFIG_NF_LOG_COMMON=m
# CONFIG_NF_LOG_NETDEV is not set
# CONFIG_NF_CONNTRACK_MARK is not set
CONFIG_NF_CONNTRACK_PROCFS=y
CONFIG_NF_CONNTRACK_EVENTS=y
# CONFIG_NF_CONNTRACK_TIMEOUT is not set
# CONFIG_NF_CONNTRACK_TIMESTAMP is not set
CONFIG_NF_CT_PROTO_DCCP=y
CONFIG_NF_CT_PROTO_SCTP=y
CONFIG_NF_CT_PROTO_UDPLITE=y
# CONFIG_NF_CONNTRACK_AMANDA is not set
# CONFIG_NF_CONNTRACK_FTP is not set
# CONFIG_NF_CONNTRACK_H323 is not set
# CONFIG_NF_CONNTRACK_IRC is not set
# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
# CONFIG_NF_CONNTRACK_SNMP is not set
# CONFIG_NF_CONNTRACK_PPTP is not set
# CONFIG_NF_CONNTRACK_SANE is not set
# CONFIG_NF_CONNTRACK_SIP is not set
# CONFIG_NF_CONNTRACK_TFTP is not set
# CONFIG_NF_CT_NETLINK is not set
# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_DCCP=y
CONFIG_NF_NAT_PROTO_UDPLITE=y
CONFIG_NF_NAT_PROTO_SCTP=y
# CONFIG_NF_NAT_AMANDA is not set
# CONFIG_NF_NAT_FTP is not set
# CONFIG_NF_NAT_IRC is not set
# CONFIG_NF_NAT_SIP is not set
# CONFIG_NF_NAT_TFTP is not set
# CONFIG_NF_NAT_REDIRECT is not set
# CONFIG_NF_TABLES is not set
CONFIG_NETFILTER_XTABLES=m
# CONFIG_NETFILTER_XT_MARK is not set
# CONFIG_NETFILTER_XT_CONNMARK is not set
# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
# CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
# CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
# CONFIG_NETFILTER_XT_TARGET_DSCP is not set
# CONFIG_NETFILTER_XT_TARGET_HL is not set
# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
# CONFIG_NETFILTER_XT_TARGET_LED is not set
CONFIG_NETFILTER_XT_TARGET_LOG=m
# CONFIG_NETFILTER_XT_TARGET_MARK is not set
CONFIG_NETFILTER_XT_NAT=m
# CONFIG_NETFILTER_XT_TARGET_NETMAP is not set
# CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
# CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set
# CONFIG_NETFILTER_XT_TARGET_TEE is not set
# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
# CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
# CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set
# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
# CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set
# CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
# CONFIG_NETFILTER_XT_MATCH_CPU is not set
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
# CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set
# CONFIG_NETFILTER_XT_MATCH_DSCP is not set
# CONFIG_NETFILTER_XT_MATCH_ECN is not set
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
# CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set
# CONFIG_NETFILTER_XT_MATCH_HELPER is not set
# CONFIG_NETFILTER_XT_MATCH_HL is not set
# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set
# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
# CONFIG_NETFILTER_XT_MATCH_L2TP is not set
# CONFIG_NETFILTER_XT_MATCH_LENGTH is not set
# CONFIG_NETFILTER_XT_MATCH_LIMIT is not set
# CONFIG_NETFILTER_XT_MATCH_MAC is not set
# CONFIG_NETFILTER_XT_MATCH_MARK is not set
# CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
# CONFIG_NETFILTER_XT_MATCH_POLICY is not set
# CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set
# CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
# CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
# CONFIG_NETFILTER_XT_MATCH_REALM is not set
# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
CONFIG_NF_DEFRAG_IPV4=m
CONFIG_NF_CONNTRACK_IPV4=m
# CONFIG_NF_SOCKET_IPV4 is not set
# CONFIG_NF_DUP_IPV4 is not set
# CONFIG_NF_LOG_ARP is not set
CONFIG_NF_LOG_IPV4=m
CONFIG_NF_REJECT_IPV4=m
CONFIG_NF_NAT_IPV4=m
CONFIG_NF_NAT_MASQUERADE_IPV4=m
# CONFIG_NF_NAT_PPTP is not set
# CONFIG_NF_NAT_H323 is not set
CONFIG_NF_DEFRAG_IPV6=m
CONFIG_NF_CONNTRACK_IPV6=m
# CONFIG_NF_SOCKET_IPV6 is not set
# CONFIG_NF_DUP_IPV6 is not set
CONFIG_NF_REJECT_IPV6=m
CONFIG_NF_LOG_IPV6=m
CONFIG_NF_NAT_IPV6=m
CONFIG_NF_NAT_MASQUERADE_IPV6=m
What am I missing? Should I enable it some other way instead of using
IMAGE_INSTALL_append? Do I need to enable more?
Thanks,
Kind regards,
Maik Vermeulen
Embedded Software Engineer — Lightyear <https://www.lightyear.one/>
+31 6 16 82 73 79 <+31616827379>
--
<https://lightyear.one/careers?utm_source=signature&utm_campaign=spotlightroles&utm_medium=email#vacancies>
--
Automotive Campus 70 —5708 JZ Helmond, the Netherlands
www.lightyear.one
<https://lightyear.one/>
<https://www.linkedin.com/company/lightyear.one/>
This email may contain information which is privileged and/or
confidential. If you received this e-mail in error, please notify us
immediately by e-mail and delete the email without copying or disclosing
its contents to any other person. Lightyear is a trade name of Atlas
Technologies B.V. and is registered at the Dutch Chamber of Commerce under
number 67264298.
[-- Attachment #2: Type: text/html, Size: 8064 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [yocto] nftables_0.7 not working
2022-08-01 12:41 ` nftables_0.7 not working Maik Vermeulen
@ 2022-08-01 13:51 ` Quentin Schulz
2022-08-01 15:34 ` Maik Vermeulen
0 siblings, 1 reply; 5+ messages in thread
From: Quentin Schulz @ 2022-08-01 13:51 UTC (permalink / raw)
To: Maik Vermeulen, yocto
Hi Maik,
On 8/1/22 14:41, Maik Vermeulen wrote:
> Hi,
>
> I added the following to our image recipe:
> IMAGE_INSTALL_append = " nftables"
>
> When running that image, nftables seems to be included, but we get the
> following error:
> ~# nft
> ../../nftables-0.7/src/netlink.c:59: Unable to initialize Netlink socket:
> Protocol not supported
>
> Furthermore, it's not showing in lsmod, and also not in modprobe
> --showconfigs.
>
> This is the active kernel config:
> root@agent336:~# zcat /proc/config.gz | grep "CONFIG_NF_\|CONFIG_NETFILTER_"
> CONFIG_NETFILTER_ADVANCED=y
> CONFIG_NETFILTER_INGRESS=y
> # CONFIG_NETFILTER_NETLINK_ACCT is not set
> # CONFIG_NETFILTER_NETLINK_QUEUE is not set
> # CONFIG_NETFILTER_NETLINK_LOG is not set
> CONFIG_NF_CONNTRACK=m
> CONFIG_NF_LOG_COMMON=m
> # CONFIG_NF_LOG_NETDEV is not set
> # CONFIG_NF_CONNTRACK_MARK is not set
> CONFIG_NF_CONNTRACK_PROCFS=y
> CONFIG_NF_CONNTRACK_EVENTS=y
> # CONFIG_NF_CONNTRACK_TIMEOUT is not set
> # CONFIG_NF_CONNTRACK_TIMESTAMP is not set
> CONFIG_NF_CT_PROTO_DCCP=y
> CONFIG_NF_CT_PROTO_SCTP=y
> CONFIG_NF_CT_PROTO_UDPLITE=y
> # CONFIG_NF_CONNTRACK_AMANDA is not set
> # CONFIG_NF_CONNTRACK_FTP is not set
> # CONFIG_NF_CONNTRACK_H323 is not set
> # CONFIG_NF_CONNTRACK_IRC is not set
> # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
> # CONFIG_NF_CONNTRACK_SNMP is not set
> # CONFIG_NF_CONNTRACK_PPTP is not set
> # CONFIG_NF_CONNTRACK_SANE is not set
> # CONFIG_NF_CONNTRACK_SIP is not set
> # CONFIG_NF_CONNTRACK_TFTP is not set
> # CONFIG_NF_CT_NETLINK is not set
> # CONFIG_NF_CT_NETLINK_TIMEOUT is not set
> CONFIG_NF_NAT=m
> CONFIG_NF_NAT_NEEDED=y
> CONFIG_NF_NAT_PROTO_DCCP=y
> CONFIG_NF_NAT_PROTO_UDPLITE=y
> CONFIG_NF_NAT_PROTO_SCTP=y
> # CONFIG_NF_NAT_AMANDA is not set
> # CONFIG_NF_NAT_FTP is not set
> # CONFIG_NF_NAT_IRC is not set
> # CONFIG_NF_NAT_SIP is not set
> # CONFIG_NF_NAT_TFTP is not set
> # CONFIG_NF_NAT_REDIRECT is not set
> # CONFIG_NF_TABLES is not set
> CONFIG_NETFILTER_XTABLES=m
> # CONFIG_NETFILTER_XT_MARK is not set
> # CONFIG_NETFILTER_XT_CONNMARK is not set
> # CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
> CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
> # CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
> # CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
> # CONFIG_NETFILTER_XT_TARGET_DSCP is not set
> # CONFIG_NETFILTER_XT_TARGET_HL is not set
> # CONFIG_NETFILTER_XT_TARGET_HMARK is not set
> # CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
> # CONFIG_NETFILTER_XT_TARGET_LED is not set
> CONFIG_NETFILTER_XT_TARGET_LOG=m
> # CONFIG_NETFILTER_XT_TARGET_MARK is not set
> CONFIG_NETFILTER_XT_NAT=m
> # CONFIG_NETFILTER_XT_TARGET_NETMAP is not set
> # CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
> # CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
> # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
> # CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set
> # CONFIG_NETFILTER_XT_TARGET_TEE is not set
> # CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
> # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
> # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
> CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
> # CONFIG_NETFILTER_XT_MATCH_BPF is not set
> # CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
> # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
> # CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
> # CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set
> # CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
> # CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set
> # CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set
> CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
> # CONFIG_NETFILTER_XT_MATCH_CPU is not set
> # CONFIG_NETFILTER_XT_MATCH_DCCP is not set
> # CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set
> # CONFIG_NETFILTER_XT_MATCH_DSCP is not set
> # CONFIG_NETFILTER_XT_MATCH_ECN is not set
> # CONFIG_NETFILTER_XT_MATCH_ESP is not set
> # CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set
> # CONFIG_NETFILTER_XT_MATCH_HELPER is not set
> # CONFIG_NETFILTER_XT_MATCH_HL is not set
> # CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set
> # CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
> # CONFIG_NETFILTER_XT_MATCH_L2TP is not set
> # CONFIG_NETFILTER_XT_MATCH_LENGTH is not set
> # CONFIG_NETFILTER_XT_MATCH_LIMIT is not set
> # CONFIG_NETFILTER_XT_MATCH_MAC is not set
> # CONFIG_NETFILTER_XT_MATCH_MARK is not set
> # CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
> # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
> # CONFIG_NETFILTER_XT_MATCH_OWNER is not set
> # CONFIG_NETFILTER_XT_MATCH_POLICY is not set
> # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set
> # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
> # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
> # CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
> # CONFIG_NETFILTER_XT_MATCH_REALM is not set
> # CONFIG_NETFILTER_XT_MATCH_RECENT is not set
> # CONFIG_NETFILTER_XT_MATCH_SCTP is not set
> # CONFIG_NETFILTER_XT_MATCH_STATE is not set
> # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
> # CONFIG_NETFILTER_XT_MATCH_STRING is not set
> # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
> # CONFIG_NETFILTER_XT_MATCH_TIME is not set
> # CONFIG_NETFILTER_XT_MATCH_U32 is not set
> CONFIG_NF_DEFRAG_IPV4=m
> CONFIG_NF_CONNTRACK_IPV4=m
> # CONFIG_NF_SOCKET_IPV4 is not set
> # CONFIG_NF_DUP_IPV4 is not set
> # CONFIG_NF_LOG_ARP is not set
> CONFIG_NF_LOG_IPV4=m
> CONFIG_NF_REJECT_IPV4=m
> CONFIG_NF_NAT_IPV4=m
> CONFIG_NF_NAT_MASQUERADE_IPV4=m
> # CONFIG_NF_NAT_PPTP is not set
> # CONFIG_NF_NAT_H323 is not set
> CONFIG_NF_DEFRAG_IPV6=m
> CONFIG_NF_CONNTRACK_IPV6=m
> # CONFIG_NF_SOCKET_IPV6 is not set
> # CONFIG_NF_DUP_IPV6 is not set
> CONFIG_NF_REJECT_IPV6=m
> CONFIG_NF_LOG_IPV6=m
> CONFIG_NF_NAT_IPV6=m
> CONFIG_NF_NAT_MASQUERADE_IPV6=m
>
> What am I missing? Should I enable it some other way instead of using
> IMAGE_INSTALL_append? Do I need to enable more?
>
It seems you built many netfilter features/drivers as modules and not
built-in in the kernel. When that is the case, you need to add the
modules to your image because Yocto does not do it for you. Yocto splits
each module in its own package. As a simple try, you can add the
kernel-modules package to your image, it is a package that pulls all
kernel module packages all at once. At least you'll know if there's
another issue before pinpointing the exact kernel module package names
you will want in your image (kernel-modules can be pretty big if you
don't have a "clean" defconfig with many unnecessary drivers built as
modules).
Cheers,
Quentin
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [yocto] nftables_0.7 not working
2022-08-01 13:51 ` [yocto] " Quentin Schulz
@ 2022-08-01 15:34 ` Maik Vermeulen
2022-08-01 15:45 ` Quentin Schulz
0 siblings, 1 reply; 5+ messages in thread
From: Maik Vermeulen @ 2022-08-01 15:34 UTC (permalink / raw)
To: Quentin Schulz; +Cc: yocto
[-- Attachment #1: Type: text/plain, Size: 8148 bytes --]
Hi Quentin,
Thank you for your response!
I added kernel-modules to the IMAGE_INSTALL_append, but it seems that the
modules are still not being loaded.
Is that the correct way?
Also I see that CONFIG_NF_TABLES is not set (with ~# zcat /proc/config.gz |
grep CONFIG_NF_ | grep TABLE)
Is that expected?
Kind regards,
Maik Vermeulen
Embedded Software Engineer — Lightyear <https://www.lightyear.one/>
+31 6 16 82 73 79 <+31616827379>
On Mon, Aug 1, 2022 at 3:51 PM Quentin Schulz <
quentin.schulz@theobroma-systems.com> wrote:
> Hi Maik,
>
> On 8/1/22 14:41, Maik Vermeulen wrote:
> > Hi,
> >
> > I added the following to our image recipe:
> > IMAGE_INSTALL_append = " nftables"
> >
> > When running that image, nftables seems to be included, but we get the
> > following error:
> > ~# nft
> > ../../nftables-0.7/src/netlink.c:59: Unable to initialize Netlink socket:
> > Protocol not supported
> >
> > Furthermore, it's not showing in lsmod, and also not in modprobe
> > --showconfigs.
> >
> > This is the active kernel config:
> > root@agent336:~# zcat /proc/config.gz | grep
> "CONFIG_NF_\|CONFIG_NETFILTER_"
> > CONFIG_NETFILTER_ADVANCED=y
> > CONFIG_NETFILTER_INGRESS=y
> > # CONFIG_NETFILTER_NETLINK_ACCT is not set
> > # CONFIG_NETFILTER_NETLINK_QUEUE is not set
> > # CONFIG_NETFILTER_NETLINK_LOG is not set
> > CONFIG_NF_CONNTRACK=m
> > CONFIG_NF_LOG_COMMON=m
> > # CONFIG_NF_LOG_NETDEV is not set
> > # CONFIG_NF_CONNTRACK_MARK is not set
> > CONFIG_NF_CONNTRACK_PROCFS=y
> > CONFIG_NF_CONNTRACK_EVENTS=y
> > # CONFIG_NF_CONNTRACK_TIMEOUT is not set
> > # CONFIG_NF_CONNTRACK_TIMESTAMP is not set
> > CONFIG_NF_CT_PROTO_DCCP=y
> > CONFIG_NF_CT_PROTO_SCTP=y
> > CONFIG_NF_CT_PROTO_UDPLITE=y
> > # CONFIG_NF_CONNTRACK_AMANDA is not set
> > # CONFIG_NF_CONNTRACK_FTP is not set
> > # CONFIG_NF_CONNTRACK_H323 is not set
> > # CONFIG_NF_CONNTRACK_IRC is not set
> > # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
> > # CONFIG_NF_CONNTRACK_SNMP is not set
> > # CONFIG_NF_CONNTRACK_PPTP is not set
> > # CONFIG_NF_CONNTRACK_SANE is not set
> > # CONFIG_NF_CONNTRACK_SIP is not set
> > # CONFIG_NF_CONNTRACK_TFTP is not set
> > # CONFIG_NF_CT_NETLINK is not set
> > # CONFIG_NF_CT_NETLINK_TIMEOUT is not set
> > CONFIG_NF_NAT=m
> > CONFIG_NF_NAT_NEEDED=y
> > CONFIG_NF_NAT_PROTO_DCCP=y
> > CONFIG_NF_NAT_PROTO_UDPLITE=y
> > CONFIG_NF_NAT_PROTO_SCTP=y
> > # CONFIG_NF_NAT_AMANDA is not set
> > # CONFIG_NF_NAT_FTP is not set
> > # CONFIG_NF_NAT_IRC is not set
> > # CONFIG_NF_NAT_SIP is not set
> > # CONFIG_NF_NAT_TFTP is not set
> > # CONFIG_NF_NAT_REDIRECT is not set
> > # CONFIG_NF_TABLES is not set
> > CONFIG_NETFILTER_XTABLES=m
> > # CONFIG_NETFILTER_XT_MARK is not set
> > # CONFIG_NETFILTER_XT_CONNMARK is not set
> > # CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
> > CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
> > # CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
> > # CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
> > # CONFIG_NETFILTER_XT_TARGET_DSCP is not set
> > # CONFIG_NETFILTER_XT_TARGET_HL is not set
> > # CONFIG_NETFILTER_XT_TARGET_HMARK is not set
> > # CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
> > # CONFIG_NETFILTER_XT_TARGET_LED is not set
> > CONFIG_NETFILTER_XT_TARGET_LOG=m
> > # CONFIG_NETFILTER_XT_TARGET_MARK is not set
> > CONFIG_NETFILTER_XT_NAT=m
> > # CONFIG_NETFILTER_XT_TARGET_NETMAP is not set
> > # CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
> > # CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
> > # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
> > # CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set
> > # CONFIG_NETFILTER_XT_TARGET_TEE is not set
> > # CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
> > # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
> > # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
> > CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
> > # CONFIG_NETFILTER_XT_MATCH_BPF is not set
> > # CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
> > # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
> > # CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
> > # CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set
> > # CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
> > # CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set
> > # CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set
> > CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
> > # CONFIG_NETFILTER_XT_MATCH_CPU is not set
> > # CONFIG_NETFILTER_XT_MATCH_DCCP is not set
> > # CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set
> > # CONFIG_NETFILTER_XT_MATCH_DSCP is not set
> > # CONFIG_NETFILTER_XT_MATCH_ECN is not set
> > # CONFIG_NETFILTER_XT_MATCH_ESP is not set
> > # CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set
> > # CONFIG_NETFILTER_XT_MATCH_HELPER is not set
> > # CONFIG_NETFILTER_XT_MATCH_HL is not set
> > # CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set
> > # CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
> > # CONFIG_NETFILTER_XT_MATCH_L2TP is not set
> > # CONFIG_NETFILTER_XT_MATCH_LENGTH is not set
> > # CONFIG_NETFILTER_XT_MATCH_LIMIT is not set
> > # CONFIG_NETFILTER_XT_MATCH_MAC is not set
> > # CONFIG_NETFILTER_XT_MATCH_MARK is not set
> > # CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
> > # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
> > # CONFIG_NETFILTER_XT_MATCH_OWNER is not set
> > # CONFIG_NETFILTER_XT_MATCH_POLICY is not set
> > # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set
> > # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
> > # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
> > # CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
> > # CONFIG_NETFILTER_XT_MATCH_REALM is not set
> > # CONFIG_NETFILTER_XT_MATCH_RECENT is not set
> > # CONFIG_NETFILTER_XT_MATCH_SCTP is not set
> > # CONFIG_NETFILTER_XT_MATCH_STATE is not set
> > # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
> > # CONFIG_NETFILTER_XT_MATCH_STRING is not set
> > # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
> > # CONFIG_NETFILTER_XT_MATCH_TIME is not set
> > # CONFIG_NETFILTER_XT_MATCH_U32 is not set
> > CONFIG_NF_DEFRAG_IPV4=m
> > CONFIG_NF_CONNTRACK_IPV4=m
> > # CONFIG_NF_SOCKET_IPV4 is not set
> > # CONFIG_NF_DUP_IPV4 is not set
> > # CONFIG_NF_LOG_ARP is not set
> > CONFIG_NF_LOG_IPV4=m
> > CONFIG_NF_REJECT_IPV4=m
> > CONFIG_NF_NAT_IPV4=m
> > CONFIG_NF_NAT_MASQUERADE_IPV4=m
> > # CONFIG_NF_NAT_PPTP is not set
> > # CONFIG_NF_NAT_H323 is not set
> > CONFIG_NF_DEFRAG_IPV6=m
> > CONFIG_NF_CONNTRACK_IPV6=m
> > # CONFIG_NF_SOCKET_IPV6 is not set
> > # CONFIG_NF_DUP_IPV6 is not set
> > CONFIG_NF_REJECT_IPV6=m
> > CONFIG_NF_LOG_IPV6=m
> > CONFIG_NF_NAT_IPV6=m
> > CONFIG_NF_NAT_MASQUERADE_IPV6=m
> >
> > What am I missing? Should I enable it some other way instead of using
> > IMAGE_INSTALL_append? Do I need to enable more?
> >
>
> It seems you built many netfilter features/drivers as modules and not
> built-in in the kernel. When that is the case, you need to add the
> modules to your image because Yocto does not do it for you. Yocto splits
> each module in its own package. As a simple try, you can add the
> kernel-modules package to your image, it is a package that pulls all
> kernel module packages all at once. At least you'll know if there's
> another issue before pinpointing the exact kernel module package names
> you will want in your image (kernel-modules can be pretty big if you
> don't have a "clean" defconfig with many unnecessary drivers built as
> modules).
>
> Cheers,
> Quentin
>
--
<https://lightyear.one/careers?utm_source=signature&utm_campaign=spotlightroles&utm_medium=email#vacancies>
--
Automotive Campus 70 —5708 JZ Helmond, the Netherlands
www.lightyear.one
<https://lightyear.one/>
<https://www.linkedin.com/company/lightyear.one/>
This email may contain information which is privileged and/or
confidential. If you received this e-mail in error, please notify us
immediately by e-mail and delete the email without copying or disclosing
its contents to any other person. Lightyear is a trade name of Atlas
Technologies B.V. and is registered at the Dutch Chamber of Commerce under
number 67264298.
[-- Attachment #2: Type: text/html, Size: 10501 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [yocto] nftables_0.7 not working
2022-08-01 15:34 ` Maik Vermeulen
@ 2022-08-01 15:45 ` Quentin Schulz
2022-08-03 0:15 ` Randy MacLeod
0 siblings, 1 reply; 5+ messages in thread
From: Quentin Schulz @ 2022-08-01 15:45 UTC (permalink / raw)
To: Maik Vermeulen; +Cc: yocto
Hi Maik,
On 8/1/22 17:34, Maik Vermeulen wrote:
> Hi Quentin,
>
> Thank you for your response!
>
> I added kernel-modules to the IMAGE_INSTALL_append, but it seems that the
> modules are still not being loaded.
> Is that the correct way?
>
> Also I see that CONFIG_NF_TABLES is not set (with ~# zcat /proc/config.gz |
> grep CONFIG_NF_ | grep TABLE)
> Is that expected?
>
No, you would indeed need to enable those in your kernel config.
Cheers,
Quentin
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [yocto] nftables_0.7 not working
2022-08-01 15:45 ` Quentin Schulz
@ 2022-08-03 0:15 ` Randy MacLeod
0 siblings, 0 replies; 5+ messages in thread
From: Randy MacLeod @ 2022-08-03 0:15 UTC (permalink / raw)
To: yocto, maik.vermeulen
On 2022-08-01 11:45, Quentin Schulz wrote:
> Hi Maik,
>
> On 8/1/22 17:34, Maik Vermeulen wrote:
>> Hi Quentin,
>>
>> Thank you for your response!
>>
>> I added kernel-modules to the IMAGE_INSTALL_append, but it seems that
>> the
>> modules are still not being loaded.
>> Is that the correct way?
>>
>> Also I see that CONFIG_NF_TABLES is not set (with ~# zcat
>> /proc/config.gz |
>> grep CONFIG_NF_ | grep TABLE)
>> Is that expected?
>>
>
> No, you would indeed need to enable those in your kernel config.
0.7 - that's pre-dunfell!
For master or kirkstone, see:
https://lists.yoctoproject.org/g/linux-yocto/message/11523?p=%2C%2C%2C20%2C0%2C0%2C0%3A%3Acreated%2C0%2Cmacleod%2C20%2C1%2C0%2C92659340
and the follow-up that I'll send soon to get the pass-rate to 100%.
You won't be able to use the WR Linux features directly but take a look
at the image.inc
and template.conf files in:
https://github.com/WindRiver-Labs/wrlinux/tree/WRLINUX_10_21_BASE/templates/feature/nftables
for the syntax to use the kernel scc files for nftables. It may not be
there if you're using an older kernel.
../Randy
>
> Cheers,
> Quentin
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#57717): https://lists.yoctoproject.org/g/yocto/message/57717
> Mute This Topic: https://lists.yoctoproject.org/mt/92746852/3616765
> Group Owner: yocto+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [randy.macleod@windriver.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
--
# Randy MacLeod
# Wind River Linux
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-08-03 0:16 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <CAKO9uzqsbZso--U487egNqGJ7qzFpTxG-jLP-Xcrpi+w0y-TZA@mail.gmail.com>
2022-08-01 12:41 ` nftables_0.7 not working Maik Vermeulen
2022-08-01 13:51 ` [yocto] " Quentin Schulz
2022-08-01 15:34 ` Maik Vermeulen
2022-08-01 15:45 ` Quentin Schulz
2022-08-03 0:15 ` Randy MacLeod
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.