Gentoo Forums
iptables missing symbols; can't find where they are
justin_brody
Apprentice
Joined: 26 Jan 2005
Posts: 283

Posted: Mon Jul 09, 2018 2:56 pm    Post subject: iptables missing symbols; can't find where they are

Hello,
I'm trying to run iptables. It won't load the module, and dmesg reports a number of missing modules:
Code:

Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_compat_unlock (err 0)
Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_free_table_info (err 0)
Jul  9 10:50:23 alaya kernel: ip_tables: disagrees about version of symbol skb_copy_bits
Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol skb_copy_bits (err -22)
Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_alloc_table_info (err 0)
Jul  9 10:50:23 alaya kernel: ip_tables: disagrees about version of symbol nf_register_sockopt
Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol nf_register_sockopt (err -22)
Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_percpu_counter_free (err 0)
Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_find_jump_offset (err 0)
Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_check_match (err 0)
Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_compat_match_from_user (err 0)
Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_request_find_target (err 0)
Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_unregister_matches (err 0)
Jul  9 10:50:23 alaya kernel: ip_tables: disagrees about version of symbol register_pernet_subsys
Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol register_pernet_subsys (err -22)
Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_request_find_match (err 0)
Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_tee_enabled (err 0)

This keeps going for a while. I have everything that I can think of enabled in the kernel:
Code:

/usr/src/linux # grep -i 'xt_' .config
CONFIG_HAVE_CONTEXT_TRACKING=y
CONFIG_BXT_WC_PMIC_OPREGION=y
CONFIG_NETFILTER_XT_MARK=y
CONFIG_NETFILTER_XT_CONNMARK=y
CONFIG_NETFILTER_XT_SET=y
CONFIG_NETFILTER_XT_TARGET_AUDIT=y
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
CONFIG_NETFILTER_XT_TARGET_CT=m
CONFIG_NETFILTER_XT_TARGET_DSCP=m
CONFIG_NETFILTER_XT_TARGET_HL=m
CONFIG_NETFILTER_XT_TARGET_HMARK=y
CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
CONFIG_NETFILTER_XT_TARGET_LED=y
CONFIG_NETFILTER_XT_TARGET_LOG=y
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_NAT=y
CONFIG_NETFILTER_XT_TARGET_NETMAP=y
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_TARGET_RATEEST=y
CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
CONFIG_NETFILTER_XT_TARGET_TEE=y
.
.
.
CONFIG_NETFILTER_XT_MATCH_TIME=y
CONFIG_NETFILTER_XT_MATCH_U32=y
# CONFIG_LXT_PHY is not set
# CONFIG_INTEL_BXT_PMIC_THERMAL is not set
# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set

The last 3 are the only things that aren't set. But I don't think this is what iptables isn't finding. Anyone know where I should look for the missing symbols???

bunder
Bodhisattva
Joined: 10 Apr 2004
Posts: 5934

Posted: Mon Jul 09, 2018 6:45 pm

usually a kernel recompile fixes "unknown symbols". :wink:
_________________
Neddyseagoon wrote:
The problem with leaving is that you can only do it once and it reduces your influence.

banned from #gentoo since sept 2017

NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54099
Location: 56N 3W

Posted: Mon Jul 09, 2018 7:13 pm

justin_brody,

Code:
Unknown symbol xt_compat_unlock
usually means you have tried to add a module to IP tables but have also changed a built-in option without rebuilding the entire kernel.
Code:
ip_tables: disagrees about version of symbol skb_copy_bits
reinforces that the kernel binary and the symbol skb_copy_bits have two different kernel setups.

This confirms that your kernel modules and kernel binary in /boot come from different builds of the kernel. That's not always a problem. It is possible to add modules like this to the running kernel but not always.
Maybe that was not your intent and you forgot to mount /boot for the kernel install?

The fix, as bunder says, is to rebuild and reinstall your kernel. If the complete build has been done, the reinstall and reboot may be enough.

There are a few corner cases where the kernel build system doesn't get it quite right too.
You fix that with a
Code:
make clean
at the start of your build process.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
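
The two message types discussed in the reply above can be separated mechanically. This is an added example, not part of the thread: it sorts module-loader log lines into symbols the running kernel does not export ("missing") and symbols it exports from a different build ("version"). The helper names `classify_modlog` and `summarize_modlog` are hypothetical, and the sample input is constructed from four of the dmesg lines in the first post.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_LOG is constructed from four
# of the dmesg lines quoted in the first post.
SAMPLE_LOG='Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_compat_unlock (err 0)
Jul  9 10:50:23 alaya kernel: ip_tables: disagrees about version of symbol skb_copy_bits
Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol skb_copy_bits (err -22)
Jul  9 10:50:23 alaya kernel: ip_tables: Unknown symbol xt_tee_enabled (err 0)'

# classify_modlog (hypothetical helper): reads kernel log lines on stdin and
# prints "<module> <symbol> <kind>" once per symbol, in first-seen order.
#   missing = "Unknown symbol" with no version complaint for that symbol
#   version = the log also says "disagrees about version of symbol" for it
classify_modlog() {
    awk '
    {
        for (i = 2; i < NF; i++) {
            if ($i == "disagrees" && $(i + 1) == "about") {
                mod = $(i - 1); sub(/:$/, "", mod)
                ver[mod " " $NF] = 1
            } else if ($i == "Unknown" && $(i + 1) == "symbol") {
                mod = $(i - 1); sub(/:$/, "", mod)
                key = mod " " $(i + 2)
                if (!(key in seen)) { seen[key] = 1; order[++n] = key }
            }
        }
    }
    END {
        for (k = 1; k <= n; k++)
            print order[k], ((order[k] in ver) ? "version" : "missing")
    }'
}

# summarize_modlog (hypothetical helper): one line of counts per module.
summarize_modlog() {
    classify_modlog | awk '
    {
        if (!($1 in mods)) { mods[$1] = 1; order[++n] = $1 }
        c[$1 " " $3]++
    }
    END {
        for (k = 1; k <= n; k++)
            printf "%s missing=%d version=%d\n", order[k],
                   c[order[k] " missing"], c[order[k] " version"]
    }'
}

# Demonstration on the embedded sample.
printf '%s\n' "$SAMPLE_LOG" | summarize_modlog
```

On a live system, pipe `dmesg` into `summarize_modlog`; any non-zero count for a module points at the mismatch between installed modules and running kernel described in the reply.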