Forums

Skip to content

Advanced search
  • Quick links
    • Unanswered topics
    • Active topics
    • Search
  • FAQ
  • Login
  • Register
  • Board index Assistance Kernel & Hardware
  • Search

[solved] Kernel 6.17 - option not found for IP_NF and IP6_NF

Kernel not recognizing your hardware? Problems with power management or PCMCIA? What hardware is compatible with Gentoo? See here. (Only for kernels supported by Gentoo.)
Post Reply
Advanced search
5 posts • Page 1 of 1
Author
Message
MorgothSauron
Tux's lil' helper
Tux's lil' helper
User avatar
Posts: 89
Joined: Thu Sep 24, 2020 4:43 pm

[solved] Kernel 6.17 - option not found for IP_NF and IP6_NF

  • Quote

Post by MorgothSauron » Wed Oct 15, 2025 4:31 pm

Hello,
A recent update to libvirt told me that there were few kernel options not set:

Code: Select all

 * Messages for package app-emulation/libvirt-11.6.0-r1:
 * Log file: /var/portage/logs/app-emulation:libvirt-11.6.0-r1:20251013-211446.log

 *   CONFIG_IP_NF_FILTER:	is not set when it should be.
 *   CONFIG_IP_NF_MANGLE:	is not set when it should be.
 *   CONFIG_IP_NF_NAT:	is not set when it should be.
 *   CONFIG_IP6_NF_FILTER:	is not set when it should be.
 *   CONFIG_IP6_NF_MANGLE:	is not set when it should be.
 *   CONFIG_IP6_NF_NAT:	is not set when it should be.
 *   CONFIG_BRIDGE_EBT_T_NAT:	is not set when it should be.
 * Please check to make sure these options are set correctly.
 * Failure to do so may cause unexpected problems.
It's not there when I check the running kernel config (zcat /proc/config.gz). Shouldn't I see the options commented out in the output since they are not set ?

I "dumped" the config to /usr/src/linux/.config and executed make nconfig.

I then hit F8 (SymSearch) to search for one of the option. It does return a result (example for CONFIG_IP_NF_FILTER):

Code: Select all

Symbol: IP_NF_FILTER [=n]                                                                                  
Type  : tristate                                                                                           
Defined at net/ipv4/netfilter/Kconfig:184                                                                  
  Prompt: Packet filtering                                                                                 
  Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && IP_NF_IPTABLES [=m] && IP_NF_IPTABLES_LEGACY [=n] 
  Location:                                                                                                
    -> Networking support (NET [=y])                                                                       
      -> Networking options                                                                                
        -> Network packet filtering framework (Netfilter) (NETFILTER [=y])                                 
          -> IP: Netfilter Configuration                                                                   
(1)         -> IP tables support (required for filtering/masq/NAT) (IP_NF_IPTABLES [=m])                   
              -> Packet filtering (IP_NF_FILTER [=n])
So far, so good. The search returns something and it confirms it's not set (IP_NF_FILTER [=n]).

The problem is that there is no IP_NF_FILTER when I hit '1' to go to the location. These are the only options under IP_NF_IPTABLES:

Code: Select all

<M> IP tables support (required for filtering/masq/NAT).
<M>   "ah" match support                               
<M>   "ecn" match support                              
<M>   "rpfilter" reverse path filter match support     
<M>   "ttl" match support                              
<M>   REJECT target support                            
<M>   SYNPROXY target support                          
<M>   ECN target support                               
<M> ARP payload mangling
What am I missing here ? Why can't I find the option when I go to the location returned by the search ?

Thanks
Last edited by MorgothSauron on Wed Oct 15, 2025 6:02 pm, edited 2 times in total.
Top
NeddySeagoon
Administrator
Administrator
User avatar
Posts: 56103
Joined: Sat Jul 05, 2003 9:37 am
Location: 56N 3W

  • Quote

Post by NeddySeagoon » Wed Oct 15, 2025 4:38 pm

Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && IP_NF_IPTABLES [=m] && IP_NF_IPTABLES_LEGACY [=n] ,
The Depends on: is false, so the option is hidden.

That boolean needs to be true before the option will appear.
You can see it by pressing 'z' for toggle hidden options.
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Top
grknight
Retired Dev
Retired Dev
Posts: 2565
Joined: Fri Feb 20, 2015 9:36 pm

  • Quote

Post by grknight » Wed Oct 15, 2025 4:43 pm

MorgothSauron wrote:

Code: Select all

Symbol: IP_NF_FILTER [=n]                                                                                  
  Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && IP_NF_IPTABLES [=m] && IP_NF_IPTABLES_LEGACY [=n]
Needs IP_NF_IPTABLES_LEGACY to select that option.
Top
Hu
Administrator
Administrator
Posts: 24403
Joined: Tue Mar 06, 2007 5:38 am

Re: Kernel 6.17 - options not found for IP_NF and IP6_NF

  • Quote

Post by Hu » Wed Oct 15, 2025 4:55 pm

The above posts address the immediate question. I want to focus on a broader question:
MorgothSauron wrote:Shouldn't I see the options commented out in the output since they are not set ?
Sometimes, but not always. If an option is not set, and you could enable it via menuconfig without making other changes, then yes, generally it will be listed as "not set". If it is not set, and it is inside an entire tree of options that are hidden, then no. For example, on a system with CONFIG_MEDIA_SUPPORT=y, I see options for the individual media sections, Digital TV, Video4Linux, etc., and dozens of lines later, I come to Graphics support. On a system with # CONFIG_MEDIA_SUPPORT is not set, the very next line is # Graphics support, with none of the individual media sections listed in the .config, not even to recap that they are not set. Thus, reviewing the config can be a nice shortcut for things that are enabled, but is not a good way to find things that you need to enable. For that, use the menuconfig search, in conjunction with the advice from the above posts about how to reveal options with unsatisfied dependencies.
Top
MorgothSauron
Tux's lil' helper
Tux's lil' helper
User avatar
Posts: 89
Joined: Thu Sep 24, 2020 4:43 pm

  • Quote

Post by MorgothSauron » Wed Oct 15, 2025 5:41 pm

NeddySeagoon wrote:Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && IP_NF_IPTABLES [=m] && IP_NF_IPTABLES_LEGACY [=n] ,
The Depends on: is false, so the option is hidden.

That boolean needs to be true before the option will appear.
You can see it by pressing 'z' for toggle hidden options.
All options were indeed hidden. Using the "Show All" option displayed those option with the hidden symbol (XXX). This should have been a clue, but I forgot to display hidden options.

Also, I didn't know how to read the dependency properly. I thought IP_NF_IPTABLES_LEGACY had to be disabled ... but the brackets show the actual value not the needed one :oops:

I searched for IP_NF_IPTABLES_LEGACY and it was hidden too. There was an other dependency on NETFILTER_XTABLES_LEGACY.

I then enabled NETFILTER_XTABLES_LEGACY and I could then enable IP_NF_IPTABLES_LEGACY.

After that all NF options I couldn't find before were automatically enabled (M in fact). I had to repeat the same dependency investigation for CONFIG_BRIDGE_EBT_T_NAT.

I rebooted with updated config and I got the expected result

Code: Select all

root@morgoth:~ # zcat /proc/config.gz |grep -E "IP_NF_FILTER|CONFIG_IP_NF_MANGLE|CONFIG_IP_NF_NAT|CONFIG_IP6_NF_FILTER|CONFIG_IP6_NF_MANGLE|CONFIG_IP6_NF_NAT|CONFIG_BRIDGE_EBT_T_NAT"
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_NAT=m
CONFIG_BRIDGE_EBT_T_NAT=m
root@morgoth:~ #
Thanks for the help

Edit: I re-installed (emerge -1 libvirt) again. There was no warning about the kernel options this time :)
Top
Post Reply
5 posts • Page 1 of 1

Return to “Kernel & Hardware”

Jump to
  • Assistance
  • ↳   News & Announcements
  • ↳   Frequently Asked Questions
  • ↳   Installing Gentoo
  • ↳   Multimedia
  • ↳   Desktop Environments
  • ↳   Networking & Security
  • ↳   Kernel & Hardware
  • ↳   Portage & Programming
  • ↳   Gamers & Players
  • ↳   Other Things Gentoo
  • ↳   Unsupported Software
  • Discussion & Documentation
  • ↳   Documentation, Tips & Tricks
  • ↳   Gentoo Chat
  • ↳   Gentoo Forums Feedback
  • ↳   Duplicate Threads
  • International Gentoo Users
  • ↳   中文 (Chinese)
  • ↳   Dutch
  • ↳   Finnish
  • ↳   French
  • ↳   Deutsches Forum (German)
  • ↳   Diskussionsforum
  • ↳   Deutsche Dokumentation
  • ↳   Greek
  • ↳   Forum italiano (Italian)
  • ↳   Forum di discussione italiano
  • ↳   Risorse italiane (documentazione e tools)
  • ↳   Polskie forum (Polish)
  • ↳   Instalacja i sprzęt
  • ↳   Polish OTW
  • ↳   Portuguese
  • ↳   Documentação, Ferramentas e Dicas
  • ↳   Russian
  • ↳   Scandinavian
  • ↳   Spanish
  • ↳   Other Languages
  • Architectures & Platforms
  • ↳   Gentoo on ARM
  • ↳   Gentoo on PPC
  • ↳   Gentoo on Sparc
  • ↳   Gentoo on Alternative Architectures
  • ↳   Gentoo on AMD64
  • ↳   Gentoo for Mac OS X (Portage for Mac OS X)
  • Board index
  • All times are UTC
  • Delete cookies

© 2001–2026 Gentoo Foundation, Inc.

Powered by phpBB® Forum Software © phpBB Limited

Privacy Policy

 

 

magic