ip_tables does not get included in kernel modules

yuce_kurum · ‎12-08-2020

Hello everyone,

I am trying to add iptables to my imx6ullevk image but kernel modules do not get included.

Added to build/conf/local.conf;
CORE_IMAGE_EXTRA_INSTALL += " kernel-modules"
IMAGE_INSTALL_append = " iptables "
IMAGE_FSTYPES += "tar.bz2"

$: bitbake virtual/kernel -c menuconfig
After setting new kernel configuration with menuconfig i can see the new configurations in the .config file. I have created a bsp layer with a defconfig using it.
> CONFIG_NETFILTER=y
> CONFIG_NF_TABLES=y
> CONFIG_NETFILTER_XTABLES=y
> CONFIG_NFT_REJECT=y
...

$: bitbake core-image-minimal
After the build i can't find "net" kernel modules in the image files: /lib/modules/4.9.11.../kernel/net/ folder is empty. So iptables is in the image but ip_tables kernel modules are not.
After changing the machine to qemux86 modules get included.

I am using https://github.com/Freescale/fsl-community-bsp-platform repo for yocto and i have tried zeus, rocko and dunfell branches.

What could be the problem? Any help would be appreciated.
Thanks.

b36401 · ‎12-10-2020

Possibly iptables was compiled into the kernel not as external module.
Please try "iptables -L" on the board.

yuce_kurum · ‎12-11-2020

iptables is looking for modules in version 4.9.88 but my kernel is 4.14.98.

root@imx6ullevk:~# iptables -L
modprobe: can't change directory to '4.9.88+g5e23f9d61147': No such file or directory
iptables v1.8.3 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

root@imx6ullevk:/lib/modules# ls -l
drwxr-xr-x 3 root root 1040 Jan 1 1970 4.14.98-imx+g1175b59

Just to test i copy the kernel modules to the required version.

root@imx6ullevk:/lib/modules# cp -r 4.14.98-imx+g1175b59 4.9.88+g5e23f9d61147
root@imx6ullevk:/lib/modules# ls -l
drwxr-xr-x 3 root root 1040 Jan 1 1970 4.14.98-imx+g1175b59
drwxr-xr-x 3 root root 1040 Dec 8 13:11 4.9.88+g5e23f9d61147
root@imx6ullevk:/lib/modules# iptables -L
modprobe: module ip_tables not found in modules.dep
iptables v1.8.3 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

b36401 · ‎01-13-2021

Please try to create a symlink with right name for existing module.

yuce_kurum · ‎01-14-2021

Modules are built-in;

root@imx6ull14x14evk:/lib/modules/5.4.3-lts-lf-5.4.y+gf8118585ee3c# cat modules.builtin | grep filter
kernel/net/ipv4/netfilter/nf_reject_ipv4.ko
kernel/net/ipv4/netfilter/ip_tables.ko
kernel/net/ipv4/netfilter/iptable_filter.ko
....

iptables error before linking;

root@imx6ull14x14evk:/lib/modules/5.4.3-lts-lf-5.4.y+gf8118585ee3c# iptables -L
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.9.88+g5e23f9d61147
iptables v1.8.3 (legacy): can't initialize iptables table `filter': Table does not exist (do
you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

After linking;

root@imx6ull14x14evk:/lib/modules# ln -s 5.4.3-lts-lf-5.4.y+gf8118585ee3c 4.9.88+g5e23f9d61147
root@imx6ull14x14evk:/lib/modules# ls -l
lrwxrwxrwx 1 root root 32 Jan 14 10:44 4.9.88+g5e23f9d61147 -> 5.4.3-lts-lf-5.4.y+gf8118585ee3c
drwxr-xr-x 3 root root 1120 Jan 8 11:39 5.4.3-lts-lf-5.4.y+gf8118585ee3c

root@imx6ull14x14evk:/lib/modules# iptables -L
iptables v1.8.3 (legacy): can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

root@imx6ull14x14evk:/lib/modules/4.9.88+g5e23f9d61147/kernel/net# ls -lR
drwxr-xr-x 2 root root 232 Jan 8 11:39 8021q

./8021q:
-rw-r--r-- 1 root root 35444 Jan 8 11:12 8021q.ko

/iptable_filter.ko is built in and there is nothing to insmod.

When i build an image with manually loaded ip_tables modules i get following results;

Modules are present but i cant insert the module.

root@imx6ull14x14evk:/lib/modules/5.4.3-lts-lf-5.4.y+gf8118585ee3c/kernel/net/ipv4/netfilter# ls -l
-rw-r--r--    1 root     root         25036 Jan 8 10:23 ip_tables.ko
-rw-r--r--    1 root     root          6048 Jan 8 10:23 ipt_REJECT.ko
-rw-r--r--    1 root     root          6932 Jan 8 10:23 iptable_filter.ko
-rw-r--r--    1 root     root          6688 Jan 8 10:23 iptable_mangle.ko
-rw-r--r--    1 root     root          6868 Jan 8 10:23 nf_reject_ipv4.ko

root@imx6ull14x14evk:/lib/modules/5.4.3-lts-lf-5.4.y+gf8118585ee3c/kernel/net/ipv4/netfilter# insmod ip_tables.ko
insmod: ERROR: could not insert module ip_tables.ko: Invalid module format

After i link the module i still get the same error;

root@imx6ull14x14evk:/lib/modules/5.4.3-lts-lf-5.4.y+gf8118585ee3c/kernel/net/ipv4/netfilter# mkdir -p /lib/modules/4.9.88+g5e23f9d61147/kernel/net/ipv4/netfilter

root@imx6ull14x14evk:/lib/modules/4.9.88+g5e23f9d61147/kernel/net/ipv4/netfilter# ln -s /lib/modules/5.4.3-lts-lf-.4.y+gf8118585ee3c/kernel/net/ipv4/netfilter/ip_tables.ko ip_tables.ko
root@imx6ull14x14evk:/lib/modules/4.9.88+g5e23f9d61147/kernel/net/ipv4/netfilter# ls -l
lrwxrwxrwx 1 root root 84 Jan 14 11:45 ip_tables.ko -> /lib/modules/5.4.3-lts-lf-5.4.y+gf8118585ee3c/kernel/net/ipv4/netfilter/ip_tables.ko

root@imx6ull14x14evk:/lib/modules/4.9.88+g5e23f9d61147/kernel/net/ipv4/netfilter# insmod ip_tables.ko
insmod: ERROR: could not insert module ip_tables.ko: Invalid module format

Apparently I can't change text size in "Edit reply". Sorry for the changing styles.

Thanks.

ip_tables does not get included in kernel modules

ip_tables does not get included in kernel modules

i.MX6UL

Linux

Yocto Project