ip_tables does not get included in kernel modules

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ip_tables does not get included in kernel modules

5,767 Views
yuce_kurum
Contributor II

Hello everyone,

I am trying to add iptables to my imx6ullevk image but kernel modules do not get included.

Added to build/conf/local.conf;
CORE_IMAGE_EXTRA_INSTALL += " kernel-modules"
IMAGE_INSTALL_append = " iptables "
IMAGE_FSTYPES += "tar.bz2"

$: bitbake virtual/kernel -c menuconfig
After setting new kernel configuration with menuconfig i can see the new configurations in the .config file. I have created a bsp layer with a defconfig using it.
> CONFIG_NETFILTER=y
> CONFIG_NF_TABLES=y
> CONFIG_NETFILTER_XTABLES=y
> CONFIG_NFT_REJECT=y
...

$: bitbake core-image-minimal
After the build i can't find "net" kernel modules in the image files: /lib/modules/4.9.11.../kernel/net/ folder is empty. So iptables is in the image but ip_tables kernel modules are not.
After changing the machine to qemux86 modules get included.

I am using https://github.com/Freescale/fsl-community-bsp-platform repo for yocto and i have tried zeus, rocko and dunfell branches.

What could be the problem? Any help would be appreciated.
Thanks.

Labels (3)
Tags (2)
0 Kudos
4 Replies

5,748 Views
b36401
NXP Employee
NXP Employee

Possibly iptables was compiled into the kernel not as external module.
Please try "iptables -L" on the board.

0 Kudos

5,744 Views
yuce_kurum
Contributor II


iptables is looking for modules in version 4.9.88 but my kernel is 4.14.98. 

root@imx6ullevk:~# iptables -L
modprobe: can't change directory to '4.9.88+g5e23f9d61147': No such file or directory
iptables v1.8.3 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

root@imx6ullevk:/lib/modules# ls -l
drwxr-xr-x 3 root root 1040 Jan 1 1970 4.14.98-imx+g1175b59

Just to test i copy the kernel modules to the required version.

root@imx6ullevk:/lib/modules# cp -r 4.14.98-imx+g1175b59 4.9.88+g5e23f9d61147
root@imx6ullevk:/lib/modules# ls -l
drwxr-xr-x 3 root root 1040 Jan 1 1970 4.14.98-imx+g1175b59
drwxr-xr-x 3 root root 1040 Dec 8 13:11 4.9.88+g5e23f9d61147
root@imx6ullevk:/lib/modules# iptables -L
modprobe: module ip_tables not found in modules.dep
iptables v1.8.3 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

 

 

0 Kudos

5,687 Views
b36401
NXP Employee
NXP Employee

Please try to create a symlink with right name for existing module.

0 Kudos

5,682 Views
yuce_kurum
Contributor II

Modules are built-in;

root@imx6ull14x14evk:/lib/modules/5.4.3-lts-lf-5.4.y+gf8118585ee3c# cat modules.builtin | grep filter  
kernel/net/ipv4/netfilter/nf_reject_ipv4.ko
kernel/net/ipv4/netfilter/ip_tables.ko
kernel/net/ipv4/netfilter/iptable_filter.ko
....

iptables error before linking;

root@imx6ull14x14evk:/lib/modules/5.4.3-lts-lf-5.4.y+gf8118585ee3c# iptables -L
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/4.9.88+g5e23f9d61147
iptables v1.8.3 (legacy): can't initialize iptables table `filter': Table does not exist (do
you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

After linking;

root@imx6ull14x14evk:/lib/modules# ln -s 5.4.3-lts-lf-5.4.y+gf8118585ee3c 4.9.88+g5e23f9d61147
root@imx6ull14x14evk:/lib/modules# ls -l  
lrwxrwxrwx    1 root     root            32 Jan 14 10:44 4.9.88+g5e23f9d61147 -> 5.4.3-lts-lf-5.4.y+gf8118585ee3c
drwxr-xr-x    3 root     root          1120 Jan  8 11:39 5.4.3-lts-lf-5.4.y+gf8118585ee3c

root@imx6ull14x14evk:/lib/modules# iptables -L
iptables v1.8.3 (legacy): can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

root@imx6ull14x14evk:/lib/modules/4.9.88+g5e23f9d61147/kernel/net# ls -lR
drwxr-xr-x    2 root     root           232 Jan  8 11:39 8021q

./8021q:
-rw-r--r--    1 root     root         35444 Jan  8 11:12 8021q.ko

/iptable_filter.ko is built in and there is nothing to insmod.

 

When i build an image with manually loaded ip_tables modules i get following results;

Modules are present but i cant insert the module.

root@imx6ull14x14evk:/lib/modules/5.4.3-lts-lf-5.4.y+gf8118585ee3c/kernel/net/ipv4/netfilter# ls -l
-rw-r--r--    1 root     root         25036 Jan  8 10:23 ip_tables.ko
-rw-r--r--    1 root     root          6048 Jan  8 10:23 ipt_REJECT.ko
-rw-r--r--    1 root     root          6932 Jan  8 10:23 iptable_filter.ko
-rw-r--r--    1 root     root          6688 Jan  8 10:23 iptable_mangle.ko
-rw-r--r--    1 root     root          6868 Jan  8 10:23 nf_reject_ipv4.ko

root@imx6ull14x14evk:/lib/modules/5.4.3-lts-lf-5.4.y+gf8118585ee3c/kernel/net/ipv4/netfilter# insmod ip_tables.ko
insmod: ERROR: could not insert module ip_tables.ko: Invalid module format

After i link the module i still get the same error;

root@imx6ull14x14evk:/lib/modules/5.4.3-lts-lf-5.4.y+gf8118585ee3c/kernel/net/ipv4/netfilter# mkdir -p /lib/modules/4.9.88+g5e23f9d61147/kernel/net/ipv4/netfilter

root@imx6ull14x14evk:/lib/modules/4.9.88+g5e23f9d61147/kernel/net/ipv4/netfilter# ln -s  /lib/modules/5.4.3-lts-lf-.4.y+gf8118585ee3c/kernel/net/ipv4/netfilter/ip_tables.ko ip_tables.ko
root@imx6ull14x14evk:/lib/modules/4.9.88+g5e23f9d61147/kernel/net/ipv4/netfilter# ls -l
lrwxrwxrwx    1 root     root            84 Jan 14 11:45 ip_tables.ko -> /lib/modules/5.4.3-lts-lf-5.4.y+gf8118585ee3c/kernel/net/ipv4/netfilter/ip_tables.ko

root@imx6ull14x14evk:/lib/modules/4.9.88+g5e23f9d61147/kernel/net/ipv4/netfilter# insmod ip_tables.ko  
insmod: ERROR: could not insert module ip_tables.ko: Invalid module format

Apparently I can't change text size in "Edit reply". Sorry for the changing styles.

Thanks.

 

0 Kudos