All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jeremy Sowden <jeremy@azazel.net>
To: kaskada@email.cz
Cc: Jan Engelhardt <jengelh@inai.de>,
	Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: Re: [xtables-addons] xt_ipp2p: add ipv6 module alias
Date: Thu, 16 Sep 2021 20:08:05 +0100	[thread overview]
Message-ID: <YUOWFQUquE59aamm@azazel.net> (raw)
In-Reply-To: <14d.aVM5.6eKrJXfu}0l.1XGpUS@seznam.cz>

[-- Attachment #1: Type: text/plain, Size: 4989 bytes --]

On 2021-09-16, at 14:25:00 +0200, kaskada@email.cz wrote:
> How can I check where iptables/ip6tables searches for plugins/modules
> please?
>
> Actually the problem is not with iptables but with ip6tables. I can
> use IPP2P module on the same Debian with no problems with iptables,
> but ip6tables give this error (still the same):
>
> ip6tables -t mangle -A PREROUTING -m ipp2p --dc -j ACCEPT
> ip6tables v1.8.4 (legacy): Couldn't load match `ipp2p':No such file or
> directory
>
> Try `ip6tables -h' or 'ip6tables --help' for more information.
>
> BTW I`m using legacy (not nf_tables) iptables and ip6tables (changed
> with update-alternatives --config iptables, update-alternatives
> --config ip6tables).

xtables-addons installs the following kernel modules:

  /lib/modules/4.19.0-17-amd64/extra/compat_xtables.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_ACCOUNT.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_CHAOS.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_condition.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_DELUDE.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_DHCPMAC.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_DNETMAP.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_ECHO.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_fuzzy.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_geoip.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_iface.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_IPMARK.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_ipp2p.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_ipv4options.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_length2.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_LOGMARK.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_lscan.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_pknock.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_PROTO.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_psd.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_quota2.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_SYSRQ.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_TARPIT.ko

and the following user-space libraries:

  /usr/lib/x86_64-linux-gnu/xtables/libxt_ACCOUNT.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_CHAOS.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_condition.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_DELUDE.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_dhcpmac.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_DHCPMAC.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_DNETMAP.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_ECHO.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_fuzzy.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_geoip.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_gradm.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_iface.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_IPMARK.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_ipp2p.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_ipv4options.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_length2.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_LOGMARK.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_lscan.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_pknock.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_PROTO.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_psd.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_quota2.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_SYSRQ.so
  /usr/lib/x86_64-linux-gnu/xtables/libxt_TARPIT.so

Make sure you're not using the xt_ipp2p.ko kernel module:

  $ sudo ip6tables-legacy -F -t mangle
  $ sudo iptables-legacy -F -t mangle

Make sure you don't have xt_ipp2p.ko loaded:

  $ sudo modprobe -r xt_ipp2p

Make sure the files don't exists on your box:

  $ sudo rm /lib/modules/4.19.0-17-amd64/extra/xt_ipp2p.ko
  $ sudo rm /usr/lib/x86_64-linux-gnu/xtables/libxt_ipp2p.so

Run depmod:

  $ sudo depmod -av | awk '$1 ~ /xt_ipp2p/'

Make sure you've got the latest source checked out and pristine:

  $ git clean -d -f -x
  $ git reset --hard master
  HEAD is now at f144c2e xt_ipp2p: replace redundant ipp2p_addr
  $ git pull --rebase origin master
  From https://git.inai.de/xtables-addons
   * branch            master     -> FETCH_HEAD
  Already up to date.
  Current branch master is up to date.
  $ git log -1
  commit f144c2ebba17aa4c6b8d402623d53b655945be76 (HEAD -> master, origin/master, origin/HEAD)
  Author: Jan Engelhardt <jengelh@inai.de>
  Date:   Tue Sep 14 17:07:58 2021 +0200

      xt_ipp2p: replace redundant ipp2p_addr

Build and install it:

  $ ./autogen.sh
  $ ./configure
  $ make -j3
  $ sudo make install

Run depmod:

  $ sudo depmod -av | awk '$1 ~ /xt_ipp2p/'
  /lib/modules/4.19.0-17-amd64/extra/xt_ipp2p.ko needs "xt_unregister_matches": /lib/modules/4.19.0-17-amd64/kernel/net/netfilter/x_tables.ko
  /lib/modules/4.19.0-17-amd64/extra/xt_ipp2p.ko needs "HX_memmem": /lib/modules/4.19.0-17-amd64/extra/compat_xtables.ko

Use the extension:

  $ sudo ip6tables-legacy -t mangle -A PREROUTING -m ipp2p --dc -j ACCEPT
  $ sudo ip6tables-legacy -t mangle -L PREROUTING
  Chain PREROUTING (policy ACCEPT)
  target     prot opt source               destination
  ACCEPT     all      anywhere             anywhere             -m ipp2p  --dc

J.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

  parent reply	other threads:[~2021-09-16 19:08 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-14 14:09 [xtables-addons] xt_ipp2p: add ipv6 module alias Jeremy Sowden
2021-09-14 15:08 ` Jan Engelhardt
     [not found] ` <33D.aVMp.3L4gqjighB0.1XGFsS@seznam.cz>
2021-09-15 14:55   ` Jeremy Sowden
     [not found]     ` <FA.Zu6V.5ytypyKnDSO.1XGXsj@seznam.cz>
2021-09-15 17:24       ` Jan Engelhardt
     [not found]         ` <14d.aVM5.6eKrJXfu}0l.1XGpUS@seznam.cz>
2021-09-16 19:08           ` Jeremy Sowden [this message]
2021-09-17 17:02             ` kaskada
2021-10-01 19:39             ` kaskada
2021-10-01 19:48               ` Jeremy Sowden

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YUOWFQUquE59aamm@azazel.net \
    --to=jeremy@azazel.net \
    --cc=jengelh@inai.de \
    --cc=kaskada@email.cz \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.