View previous topic :: View next topic |
Author |
Message |
justin_brody Apprentice
Joined: 26 Jan 2005 Posts: 283
|
Posted: Mon Jul 09, 2018 2:56 pm Post subject: iptables missing symbols; can't find where they are |
|
|
Hello,
I'm trying to run iptables. It won't load the module, and dmesg reports a number of missing modules:
Code: |
Jul 9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_compat_unlock (err 0)
Jul 9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_free_table_info (err 0)
Jul 9 10:50:23 alaya kernel: ip_tables: disagrees about version of symbol skb_copy_bits
Jul 9 10:50:23 alaya kernel: ip_tables: Unknown symbol skb_copy_bits (err -22)
Jul 9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_alloc_table_info (err 0)
Jul 9 10:50:23 alaya kernel: ip_tables: disagrees about version of symbol nf_register_sockopt
Jul 9 10:50:23 alaya kernel: ip_tables: Unknown symbol nf_register_sockopt (err -22)
Jul 9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_percpu_counter_free (err 0)
Jul 9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_find_jump_offset (err 0)
Jul 9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_check_match (err 0)
Jul 9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_compat_match_from_user (err 0)
Jul 9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_request_find_target (err 0)
Jul 9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_unregister_matches (err 0)
Jul 9 10:50:23 alaya kernel: ip_tables: disagrees about version of symbol register_pernet_subsys
Jul 9 10:50:23 alaya kernel: ip_tables: Unknown symbol register_pernet_subsys (err -22)
Jul 9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_request_find_match (err 0)
Jul 9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_tee_enabled (err 0)
|
This keeps going for a while. I have everything that I can think of enabled in the kernel
Code: |
/usr/src/linux # grep -i 'xt_' .config
CONFIG_HAVE_CONTEXT_TRACKING=y
CONFIG_BXT_WC_PMIC_OPREGION=y
CONFIG_NETFILTER_XT_MARK=y
CONFIG_NETFILTER_XT_CONNMARK=y
CONFIG_NETFILTER_XT_SET=y
CONFIG_NETFILTER_XT_TARGET_AUDIT=y
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
CONFIG_NETFILTER_XT_TARGET_CT=m
CONFIG_NETFILTER_XT_TARGET_DSCP=m
CONFIG_NETFILTER_XT_TARGET_HL=m
CONFIG_NETFILTER_XT_TARGET_HMARK=y
CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
CONFIG_NETFILTER_XT_TARGET_LED=y
CONFIG_NETFILTER_XT_TARGET_LOG=y
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_NAT=y
CONFIG_NETFILTER_XT_TARGET_NETMAP=y
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_TARGET_RATEEST=y
CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
CONFIG_NETFILTER_XT_TARGET_TEE=y
.
.
.CONFIG_NETFILTER_XT_MATCH_TIME=y
CONFIG_NETFILTER_XT_MATCH_U32=y
# CONFIG_LXT_PHY is not set
# CONFIG_INTEL_BXT_PMIC_THERMAL is not set
# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
|
The last 3 are the only things that aren't set. But I don't think this is what iptables isn't finding. Anyone know where I should look for the missing symbols??? |
|
Back to top |
|
|
bunder Bodhisattva
Joined: 10 Apr 2004 Posts: 5934
|
Posted: Mon Jul 09, 2018 6:45 pm Post subject: |
|
|
usually a kernel recompile fixes "unknown symbols". _________________
Neddyseagoon wrote: | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54099 Location: 56N 3W
|
Posted: Mon Jul 09, 2018 7:13 pm Post subject: |
|
|
justin_brody,
Code: | Unknown symbol xt_compat_unlock | usually means you have tried to add a module to IP tables but have also changed a built in option without rebuiling the entire kernel.
Code: | ip_tables: disagrees about version of symbol skb_copy_bits | reinrorces that the kernel binary and the symbol skb_copy_bits have two different kernel setups.
This confirms that your kernel modules and kernel binary in /boot come from different builds of the kernel. Thats not always a problem. It is possible to add modules like this to the running kernel but not always.
Maybe that was not your intent and you forgot to mount /boot for the kernel install?
The fix as bunder says, is to rebuild and reinstall your kernel. If the complete build has been done, the reinstall and reboot may be enough.
There are a few corner cases where the kernel build system doesn't get it quite right too.
You fix that with a at the start of your build process. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
|