OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Kernel
  • Assigned To No-one
  • Operating System All
  • Severity High
  • Priority Very Low
  • Reported Version All
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by n8v8R - 07.07.2019

FS#2360 - [nft] unset kernel config incapacitates nft

unset kernel conf incapacitates nft across all boards

# CONFIG_NFT_RT is not set
# CONFIG_NFT_SET_BITMAP is not set
# CONFIG_NFT_OBJREF is not set
# CONFIG_NFT_QUEUE is not set
# CONFIG_NFT_COMPAT is not set
# CONFIG_NFT_FIB_NETDEV is not set
# CONFIG_NFT_DUP_IPV4 is not set
# CONFIG_NFT_DUP_IPV6 is not set

 

https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=include/netfilter.mk;h=179d4ed7b93ae763234e966c1027ae89e204b137;hb=refs/heads/master#l335

https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=include/netfilter.mk;h=510aa183ca1ed9ab38015ced17005d70a6f4f6fa;hb=refs/heads/openwrt-18.06#l329


For instance

# CONFIG_NFT_RT is not set

is the likely cause for

# nft add rule ip filter forward oifname ppp0 tcp flags syn tcp option maxseg size set rt mtu

to fail with: Error: Could not process rule: No such file or directory

reference https://wiki.nftables.org/wiki-nftables/index.php/Mangle_TCP_options


please enable the kernel conf in order nft can utilize its full potential, particularly since being dedicated to routers.

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing