yocto@lists.yoctoproject.org | nftables_0.7 not working

Home Messages Hashtags Subgroups

Date Date 1 - 5 of 5

nftables_0.7 not working

Maik Vermeulen #57713 Hi, I added the following to our image recipe: IMAGE_INSTALL_append = " nftables" When running that image, nftables seems to be included, but we get the following error: ~# nft ../../nftables-0.7/src/netlink.c:59: Unable to initialize Netlink socket: Protocol not supported Furthermore, it's not showing in lsmod, and also not in modprobe --showconfigs. This is the active kernel config: root@agent336:~# zcat /proc/config.gz \| grep "CONFIG_NF_\\|CONFIG_NETFILTER_" CONFIG_NETFILTER_ADVANCED=y CONFIG_NETFILTER_INGRESS=y # CONFIG_NETFILTER_NETLINK_ACCT is not set # CONFIG_NETFILTER_NETLINK_QUEUE is not set # CONFIG_NETFILTER_NETLINK_LOG is not set CONFIG_NF_CONNTRACK=m CONFIG_NF_LOG_COMMON=m # CONFIG_NF_LOG_NETDEV is not set # CONFIG_NF_CONNTRACK_MARK is not set CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_EVENTS=y # CONFIG_NF_CONNTRACK_TIMEOUT is not set # CONFIG_NF_CONNTRACK_TIMESTAMP is not set CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y # CONFIG_NF_CONNTRACK_AMANDA is not set # CONFIG_NF_CONNTRACK_FTP is not set # CONFIG_NF_CONNTRACK_H323 is not set # CONFIG_NF_CONNTRACK_IRC is not set # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set # CONFIG_NF_CONNTRACK_SNMP is not set # CONFIG_NF_CONNTRACK_PPTP is not set # CONFIG_NF_CONNTRACK_SANE is not set # CONFIG_NF_CONNTRACK_SIP is not set # CONFIG_NF_CONNTRACK_TFTP is not set # CONFIG_NF_CT_NETLINK is not set # CONFIG_NF_CT_NETLINK_TIMEOUT is not set CONFIG_NF_NAT=m CONFIG_NF_NAT_NEEDED=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y # CONFIG_NF_NAT_AMANDA is not set # CONFIG_NF_NAT_FTP is not set # CONFIG_NF_NAT_IRC is not set # CONFIG_NF_NAT_SIP is not set # CONFIG_NF_NAT_TFTP is not set # CONFIG_NF_NAT_REDIRECT is not set # CONFIG_NF_TABLES is not set CONFIG_NETFILTER_XTABLES=m # CONFIG_NETFILTER_XT_MARK is not set # CONFIG_NETFILTER_XT_CONNMARK is not set # CONFIG_NETFILTER_XT_TARGET_AUDIT is not set CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m # CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set # CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set # CONFIG_NETFILTER_XT_TARGET_DSCP is not set # CONFIG_NETFILTER_XT_TARGET_HL is not set # CONFIG_NETFILTER_XT_TARGET_HMARK is not set # CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set # CONFIG_NETFILTER_XT_TARGET_LED is not set CONFIG_NETFILTER_XT_TARGET_LOG=m # CONFIG_NETFILTER_XT_TARGET_MARK is not set CONFIG_NETFILTER_XT_NAT=m # CONFIG_NETFILTER_XT_TARGET_NETMAP is not set # CONFIG_NETFILTER_XT_TARGET_NFLOG is not set # CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set # CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set # CONFIG_NETFILTER_XT_TARGET_TEE is not set # CONFIG_NETFILTER_XT_TARGET_TPROXY is not set # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m # CONFIG_NETFILTER_XT_MATCH_BPF is not set # CONFIG_NETFILTER_XT_MATCH_CGROUP is not set # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set # CONFIG_NETFILTER_XT_MATCH_COMMENT is not set # CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set # CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set # CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set # CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m # CONFIG_NETFILTER_XT_MATCH_CPU is not set # CONFIG_NETFILTER_XT_MATCH_DCCP is not set # CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set # CONFIG_NETFILTER_XT_MATCH_DSCP is not set # CONFIG_NETFILTER_XT_MATCH_ECN is not set # CONFIG_NETFILTER_XT_MATCH_ESP is not set # CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set # CONFIG_NETFILTER_XT_MATCH_HELPER is not set # CONFIG_NETFILTER_XT_MATCH_HL is not set # CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set # CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set # CONFIG_NETFILTER_XT_MATCH_L2TP is not set # CONFIG_NETFILTER_XT_MATCH_LENGTH is not set # CONFIG_NETFILTER_XT_MATCH_LIMIT is not set # CONFIG_NETFILTER_XT_MATCH_MAC is not set # CONFIG_NETFILTER_XT_MATCH_MARK is not set # CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_OWNER is not set # CONFIG_NETFILTER_XT_MATCH_POLICY is not set # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set # CONFIG_NETFILTER_XT_MATCH_RATEEST is not set # CONFIG_NETFILTER_XT_MATCH_REALM is not set # CONFIG_NETFILTER_XT_MATCH_RECENT is not set # CONFIG_NETFILTER_XT_MATCH_SCTP is not set # CONFIG_NETFILTER_XT_MATCH_STATE is not set # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set # CONFIG_NETFILTER_XT_MATCH_STRING is not set # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set # CONFIG_NETFILTER_XT_MATCH_U32 is not set CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_CONNTRACK_IPV4=m # CONFIG_NF_SOCKET_IPV4 is not set # CONFIG_NF_DUP_IPV4 is not set # CONFIG_NF_LOG_ARP is not set CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=m # CONFIG_NF_NAT_PPTP is not set # CONFIG_NF_NAT_H323 is not set CONFIG_NF_DEFRAG_IPV6=m CONFIG_NF_CONNTRACK_IPV6=m # CONFIG_NF_SOCKET_IPV6 is not set # CONFIG_NF_DUP_IPV6 is not set CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m CONFIG_NF_NAT_IPV6=m CONFIG_NF_NAT_MASQUERADE_IPV6=m What am I missing? Should I enable it some other way instead of using IMAGE_INSTALL_append? Do I need to enable more? Thanks, Kind regards, Maik Vermeulen Embedded Software Engineer — Lightyear +31 6 16 82 73 79 Automotive Campus 70 —5708 JZ Helmond, the Netherlands www.lightyear.one This email may contain information which is privileged and/or confidential. If you received this e-mail in error, please notify us immediately by e-mail and delete the email without copying or disclosing its contents to any other person. Lightyear is a trade name of Atlas Technologies B.V. and is registered at the Dutch Chamber of Commerce under number 67264298.
More All Messages By This Member
Quentin Schulz #57715 Hi Maik, On 8/1/22 14:41, Maik Vermeulen wrote: Hi, I added the following to our image recipe: IMAGE_INSTALL_append = " nftables" When running that image, nftables seems to be included, but we get the following error: ~# nft ../../nftables-0.7/src/netlink.c:59: Unable to initialize Netlink socket: Protocol not supported Furthermore, it's not showing in lsmod, and also not in modprobe --showconfigs. This is the active kernel config: root@agent336:~# zcat /proc/config.gz \| grep "CONFIG_NF_\\|CONFIG_NETFILTER_" CONFIG_NETFILTER_ADVANCED=y CONFIG_NETFILTER_INGRESS=y # CONFIG_NETFILTER_NETLINK_ACCT is not set # CONFIG_NETFILTER_NETLINK_QUEUE is not set # CONFIG_NETFILTER_NETLINK_LOG is not set CONFIG_NF_CONNTRACK=m CONFIG_NF_LOG_COMMON=m # CONFIG_NF_LOG_NETDEV is not set # CONFIG_NF_CONNTRACK_MARK is not set CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_EVENTS=y # CONFIG_NF_CONNTRACK_TIMEOUT is not set # CONFIG_NF_CONNTRACK_TIMESTAMP is not set CONFIG_NF_CT_PROTO_DCCP=y CONFIG_NF_CT_PROTO_SCTP=y CONFIG_NF_CT_PROTO_UDPLITE=y # CONFIG_NF_CONNTRACK_AMANDA is not set # CONFIG_NF_CONNTRACK_FTP is not set # CONFIG_NF_CONNTRACK_H323 is not set # CONFIG_NF_CONNTRACK_IRC is not set # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set # CONFIG_NF_CONNTRACK_SNMP is not set # CONFIG_NF_CONNTRACK_PPTP is not set # CONFIG_NF_CONNTRACK_SANE is not set # CONFIG_NF_CONNTRACK_SIP is not set # CONFIG_NF_CONNTRACK_TFTP is not set # CONFIG_NF_CT_NETLINK is not set # CONFIG_NF_CT_NETLINK_TIMEOUT is not set CONFIG_NF_NAT=m CONFIG_NF_NAT_NEEDED=y CONFIG_NF_NAT_PROTO_DCCP=y CONFIG_NF_NAT_PROTO_UDPLITE=y CONFIG_NF_NAT_PROTO_SCTP=y # CONFIG_NF_NAT_AMANDA is not set # CONFIG_NF_NAT_FTP is not set # CONFIG_NF_NAT_IRC is not set # CONFIG_NF_NAT_SIP is not set # CONFIG_NF_NAT_TFTP is not set # CONFIG_NF_NAT_REDIRECT is not set # CONFIG_NF_TABLES is not set CONFIG_NETFILTER_XTABLES=m # CONFIG_NETFILTER_XT_MARK is not set # CONFIG_NETFILTER_XT_CONNMARK is not set # CONFIG_NETFILTER_XT_TARGET_AUDIT is not set CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m # CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set # CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set # CONFIG_NETFILTER_XT_TARGET_DSCP is not set # CONFIG_NETFILTER_XT_TARGET_HL is not set # CONFIG_NETFILTER_XT_TARGET_HMARK is not set # CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set # CONFIG_NETFILTER_XT_TARGET_LED is not set CONFIG_NETFILTER_XT_TARGET_LOG=m # CONFIG_NETFILTER_XT_TARGET_MARK is not set CONFIG_NETFILTER_XT_NAT=m # CONFIG_NETFILTER_XT_TARGET_NETMAP is not set # CONFIG_NETFILTER_XT_TARGET_NFLOG is not set # CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set # CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set # CONFIG_NETFILTER_XT_TARGET_TEE is not set # CONFIG_NETFILTER_XT_TARGET_TPROXY is not set # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m # CONFIG_NETFILTER_XT_MATCH_BPF is not set # CONFIG_NETFILTER_XT_MATCH_CGROUP is not set # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set # CONFIG_NETFILTER_XT_MATCH_COMMENT is not set # CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set # CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set # CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set # CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m # CONFIG_NETFILTER_XT_MATCH_CPU is not set # CONFIG_NETFILTER_XT_MATCH_DCCP is not set # CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set # CONFIG_NETFILTER_XT_MATCH_DSCP is not set # CONFIG_NETFILTER_XT_MATCH_ECN is not set # CONFIG_NETFILTER_XT_MATCH_ESP is not set # CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set # CONFIG_NETFILTER_XT_MATCH_HELPER is not set # CONFIG_NETFILTER_XT_MATCH_HL is not set # CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set # CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set # CONFIG_NETFILTER_XT_MATCH_L2TP is not set # CONFIG_NETFILTER_XT_MATCH_LENGTH is not set # CONFIG_NETFILTER_XT_MATCH_LIMIT is not set # CONFIG_NETFILTER_XT_MATCH_MAC is not set # CONFIG_NETFILTER_XT_MATCH_MARK is not set # CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_OWNER is not set # CONFIG_NETFILTER_XT_MATCH_POLICY is not set # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set # CONFIG_NETFILTER_XT_MATCH_RATEEST is not set # CONFIG_NETFILTER_XT_MATCH_REALM is not set # CONFIG_NETFILTER_XT_MATCH_RECENT is not set # CONFIG_NETFILTER_XT_MATCH_SCTP is not set # CONFIG_NETFILTER_XT_MATCH_STATE is not set # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set # CONFIG_NETFILTER_XT_MATCH_STRING is not set # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set # CONFIG_NETFILTER_XT_MATCH_U32 is not set CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_CONNTRACK_IPV4=m # CONFIG_NF_SOCKET_IPV4 is not set # CONFIG_NF_DUP_IPV4 is not set # CONFIG_NF_LOG_ARP is not set CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=m # CONFIG_NF_NAT_PPTP is not set # CONFIG_NF_NAT_H323 is not set CONFIG_NF_DEFRAG_IPV6=m CONFIG_NF_CONNTRACK_IPV6=m # CONFIG_NF_SOCKET_IPV6 is not set # CONFIG_NF_DUP_IPV6 is not set CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m CONFIG_NF_NAT_IPV6=m CONFIG_NF_NAT_MASQUERADE_IPV6=m What am I missing? Should I enable it some other way instead of using IMAGE_INSTALL_append? Do I need to enable more? It seems you built many netfilter features/drivers as modules and not built-in in the kernel. When that is the case, you need to add the modules to your image because Yocto does not do it for you. Yocto splits each module in its own package. As a simple try, you can add the kernel-modules package to your image, it is a package that pulls all kernel module packages all at once. At least you'll know if there's another issue before pinpointing the exact kernel module package names you will want in your image (kernel-modules can be pretty big if you don't have a "clean" defconfig with many unnecessary drivers built as modules). Cheers, Quentin
More All Messages By This Member
Maik Vermeulen #57716 Hi Quentin, Thank you for your response! I added kernel-modules to the IMAGE_INSTALL_append, but it seems that the modules are still not being loaded. Is that the correct way? Also I see that CONFIG_NF_TABLES is not set (with ~# zcat /proc/config.gz \| grep CONFIG_NF_ \| grep TABLE) Is that expected? Kind regards, Maik Vermeulen Embedded Software Engineer — Lightyear +31 6 16 82 73 79 On Mon, Aug 1, 2022 at 3:51 PM Quentin Schulz <quentin.schulz@...> wrote: Hi Maik, On 8/1/22 14:41, Maik Vermeulen wrote: > Hi, > > I added the following to our image recipe: > IMAGE_INSTALL_append = " nftables" > > When running that image, nftables seems to be included, but we get the > following error: > ~# nft > ../../nftables-0.7/src/netlink.c:59: Unable to initialize Netlink socket: > Protocol not supported > > Furthermore, it's not showing in lsmod, and also not in modprobe > --showconfigs. > > This is the active kernel config: > root@agent336:~# zcat /proc/config.gz \| grep "CONFIG_NF_\\|CONFIG_NETFILTER_" > CONFIG_NETFILTER_ADVANCED=y > CONFIG_NETFILTER_INGRESS=y > # CONFIG_NETFILTER_NETLINK_ACCT is not set > # CONFIG_NETFILTER_NETLINK_QUEUE is not set > # CONFIG_NETFILTER_NETLINK_LOG is not set > CONFIG_NF_CONNTRACK=m > CONFIG_NF_LOG_COMMON=m > # CONFIG_NF_LOG_NETDEV is not set > # CONFIG_NF_CONNTRACK_MARK is not set > CONFIG_NF_CONNTRACK_PROCFS=y > CONFIG_NF_CONNTRACK_EVENTS=y > # CONFIG_NF_CONNTRACK_TIMEOUT is not set > # CONFIG_NF_CONNTRACK_TIMESTAMP is not set > CONFIG_NF_CT_PROTO_DCCP=y > CONFIG_NF_CT_PROTO_SCTP=y > CONFIG_NF_CT_PROTO_UDPLITE=y > # CONFIG_NF_CONNTRACK_AMANDA is not set > # CONFIG_NF_CONNTRACK_FTP is not set > # CONFIG_NF_CONNTRACK_H323 is not set > # CONFIG_NF_CONNTRACK_IRC is not set > # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set > # CONFIG_NF_CONNTRACK_SNMP is not set > # CONFIG_NF_CONNTRACK_PPTP is not set > # CONFIG_NF_CONNTRACK_SANE is not set > # CONFIG_NF_CONNTRACK_SIP is not set > # CONFIG_NF_CONNTRACK_TFTP is not set > # CONFIG_NF_CT_NETLINK is not set > # CONFIG_NF_CT_NETLINK_TIMEOUT is not set > CONFIG_NF_NAT=m > CONFIG_NF_NAT_NEEDED=y > CONFIG_NF_NAT_PROTO_DCCP=y > CONFIG_NF_NAT_PROTO_UDPLITE=y > CONFIG_NF_NAT_PROTO_SCTP=y > # CONFIG_NF_NAT_AMANDA is not set > # CONFIG_NF_NAT_FTP is not set > # CONFIG_NF_NAT_IRC is not set > # CONFIG_NF_NAT_SIP is not set > # CONFIG_NF_NAT_TFTP is not set > # CONFIG_NF_NAT_REDIRECT is not set > # CONFIG_NF_TABLES is not set > CONFIG_NETFILTER_XTABLES=m > # CONFIG_NETFILTER_XT_MARK is not set > # CONFIG_NETFILTER_XT_CONNMARK is not set > # CONFIG_NETFILTER_XT_TARGET_AUDIT is not set > CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m > # CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set > # CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set > # CONFIG_NETFILTER_XT_TARGET_DSCP is not set > # CONFIG_NETFILTER_XT_TARGET_HL is not set > # CONFIG_NETFILTER_XT_TARGET_HMARK is not set > # CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set > # CONFIG_NETFILTER_XT_TARGET_LED is not set > CONFIG_NETFILTER_XT_TARGET_LOG=m > # CONFIG_NETFILTER_XT_TARGET_MARK is not set > CONFIG_NETFILTER_XT_NAT=m > # CONFIG_NETFILTER_XT_TARGET_NETMAP is not set > # CONFIG_NETFILTER_XT_TARGET_NFLOG is not set > # CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set > # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set > # CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set > # CONFIG_NETFILTER_XT_TARGET_TEE is not set > # CONFIG_NETFILTER_XT_TARGET_TPROXY is not set > # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set > # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set > CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m > # CONFIG_NETFILTER_XT_MATCH_BPF is not set > # CONFIG_NETFILTER_XT_MATCH_CGROUP is not set > # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set > # CONFIG_NETFILTER_XT_MATCH_COMMENT is not set > # CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set > # CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set > # CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set > # CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set > CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m > # CONFIG_NETFILTER_XT_MATCH_CPU is not set > # CONFIG_NETFILTER_XT_MATCH_DCCP is not set > # CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set > # CONFIG_NETFILTER_XT_MATCH_DSCP is not set > # CONFIG_NETFILTER_XT_MATCH_ECN is not set > # CONFIG_NETFILTER_XT_MATCH_ESP is not set > # CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set > # CONFIG_NETFILTER_XT_MATCH_HELPER is not set > # CONFIG_NETFILTER_XT_MATCH_HL is not set > # CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set > # CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set > # CONFIG_NETFILTER_XT_MATCH_L2TP is not set > # CONFIG_NETFILTER_XT_MATCH_LENGTH is not set > # CONFIG_NETFILTER_XT_MATCH_LIMIT is not set > # CONFIG_NETFILTER_XT_MATCH_MAC is not set > # CONFIG_NETFILTER_XT_MATCH_MARK is not set > # CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set > # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set > # CONFIG_NETFILTER_XT_MATCH_OWNER is not set > # CONFIG_NETFILTER_XT_MATCH_POLICY is not set > # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set > # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set > # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set > # CONFIG_NETFILTER_XT_MATCH_RATEEST is not set > # CONFIG_NETFILTER_XT_MATCH_REALM is not set > # CONFIG_NETFILTER_XT_MATCH_RECENT is not set > # CONFIG_NETFILTER_XT_MATCH_SCTP is not set > # CONFIG_NETFILTER_XT_MATCH_STATE is not set > # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set > # CONFIG_NETFILTER_XT_MATCH_STRING is not set > # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set > # CONFIG_NETFILTER_XT_MATCH_TIME is not set > # CONFIG_NETFILTER_XT_MATCH_U32 is not set > CONFIG_NF_DEFRAG_IPV4=m > CONFIG_NF_CONNTRACK_IPV4=m > # CONFIG_NF_SOCKET_IPV4 is not set > # CONFIG_NF_DUP_IPV4 is not set > # CONFIG_NF_LOG_ARP is not set > CONFIG_NF_LOG_IPV4=m > CONFIG_NF_REJECT_IPV4=m > CONFIG_NF_NAT_IPV4=m > CONFIG_NF_NAT_MASQUERADE_IPV4=m > # CONFIG_NF_NAT_PPTP is not set > # CONFIG_NF_NAT_H323 is not set > CONFIG_NF_DEFRAG_IPV6=m > CONFIG_NF_CONNTRACK_IPV6=m > # CONFIG_NF_SOCKET_IPV6 is not set > # CONFIG_NF_DUP_IPV6 is not set > CONFIG_NF_REJECT_IPV6=m > CONFIG_NF_LOG_IPV6=m > CONFIG_NF_NAT_IPV6=m > CONFIG_NF_NAT_MASQUERADE_IPV6=m > > What am I missing? Should I enable it some other way instead of using > IMAGE_INSTALL_append? Do I need to enable more? > It seems you built many netfilter features/drivers as modules and not built-in in the kernel. When that is the case, you need to add the modules to your image because Yocto does not do it for you. Yocto splits each module in its own package. As a simple try, you can add the kernel-modules package to your image, it is a package that pulls all kernel module packages all at once. At least you'll know if there's another issue before pinpointing the exact kernel module package names you will want in your image (kernel-modules can be pretty big if you don't have a "clean" defconfig with many unnecessary drivers built as modules). Cheers, Quentin Automotive Campus 70 —5708 JZ Helmond, the Netherlands www.lightyear.one This email may contain information which is privileged and/or confidential. If you received this e-mail in error, please notify us immediately by e-mail and delete the email without copying or disclosing its contents to any other person. Lightyear is a trade name of Atlas Technologies B.V. and is registered at the Dutch Chamber of Commerce under number 67264298.
More All Messages By This Member
Quentin Schulz #57717 Hi Maik, On 8/1/22 17:34, Maik Vermeulen wrote: Hi Quentin, Thank you for your response! I added kernel-modules to the IMAGE_INSTALL_append, but it seems that the modules are still not being loaded. Is that the correct way? Also I see that CONFIG_NF_TABLES is not set (with ~# zcat /proc/config.gz \| grep CONFIG_NF_ \| grep TABLE) Is that expected? No, you would indeed need to enable those in your kernel config. Cheers, Quentin
More All Messages By This Member
Randy MacLeod #57753 On 2022-08-01 11:45, Quentin Schulz wrote: Hi Maik, On 8/1/22 17:34, Maik Vermeulen wrote: Hi Quentin, Thank you for your response! I added kernel-modules to the IMAGE_INSTALL_append, but it seems that the modules are still not being loaded. Is that the correct way? Also I see that CONFIG_NF_TABLES is not set (with ~# zcat /proc/config.gz \| grep CONFIG_NF_ \| grep TABLE) Is that expected? No, you would indeed need to enable those in your kernel config. 0.7 - that's pre-dunfell! For master or kirkstone, see: https://lists.yoctoproject.org/g/linux-yocto/message/11523?p=%2C%2C%2C20%2C0%2C0%2C0%3A%3Acreated%2C0%2Cmacleod%2C20%2C1%2C0%2C92659340 and the follow-up that I'll send soon to get the pass-rate to 100%. You won't be able to use the WR Linux features directly but take a look at the image.inc and template.conf files in: https://github.com/WindRiver-Labs/wrlinux/tree/WRLINUX_10_21_BASE/templates/feature/nftables for the syntax to use the kernel scc files for nftables. It may not be there if you're using an older kernel. ../Randy Cheers, Quentin -- # Randy MacLeod # Wind River Linux
More All Messages By This Member

1 - 5 of 5

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms