Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#2360 - [nft] unset kernel config incapacitates nft #8541

Closed
openwrt-bot opened this issue Jul 7, 2019 · 2 comments
Closed

FS#2360 - [nft] unset kernel config incapacitates nft #8541

openwrt-bot opened this issue Jul 7, 2019 · 2 comments
Labels

Comments

@openwrt-bot
Copy link

n8v8R:

unset kernel conf incapacitates nft across all boards

CONFIG_NFT_RT is not set

CONFIG_NFT_SET_BITMAP is not set

CONFIG_NFT_OBJREF is not set

CONFIG_NFT_QUEUE is not set

CONFIG_NFT_COMPAT is not set

CONFIG_NFT_FIB_NETDEV is not set

CONFIG_NFT_DUP_IPV4 is not set

CONFIG_NFT_DUP_IPV6 is not set

https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=include/netfilter.mk;h=179d4ed7b93ae763234e966c1027ae89e204b137;hb=refs/heads/master#l335

https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=include/netfilter.mk;h=510aa183ca1ed9ab38015ced17005d70a6f4f6fa;hb=refs/heads/openwrt-18.06#l329

For instance

CONFIG_NFT_RT is not set

is the likely cause for

nft add rule ip filter forward oifname ppp0 tcp flags syn tcp option maxseg size set rt mtu

to fail with: Error: Could not process rule: No such file or directory

reference https://wiki.nftables.org/wiki-nftables/index.php/Mangle_TCP_options

please enable the kernel conf in order nft can utilize its full potential, particularly since being dedicated to routers.

@openwrt-bot
Copy link
Author

n8v8R:

This seems mostly resolved (least in Master) with the exception of NFT_FIB_NETDEV

@openwrt-bot
Copy link
Author

n8v8R:

19.07.x branch still exhibits those unset kernel flags and thus rendering nft unusable, shame for a router oriented distribution.

adding to the initial list

CONFIG_NF_LOG_NETDEV is not set

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant