Hi Quentin, Thank you for your response!
I added kernel-modules to the IMAGE_INSTALL_append, but it seems that the modules are still not being loaded. Is that the correct way? Also I see that CONFIG_NF_TABLES is not set (with ~# zcat /proc/config.gz | grep CONFIG_NF_ | grep TABLE) Is that expected? Kind regards, Maik Vermeulen Embedded Software Engineer — Lightyear <https://www.lightyear.one/> +31 6 16 82 73 79 <+31616827379> On Mon, Aug 1, 2022 at 3:51 PM Quentin Schulz < quentin.sch...@theobroma-systems.com> wrote: > Hi Maik, > > On 8/1/22 14:41, Maik Vermeulen wrote: > > Hi, > > > > I added the following to our image recipe: > > IMAGE_INSTALL_append = " nftables" > > > > When running that image, nftables seems to be included, but we get the > > following error: > > ~# nft > > ../../nftables-0.7/src/netlink.c:59: Unable to initialize Netlink socket: > > Protocol not supported > > > > Furthermore, it's not showing in lsmod, and also not in modprobe > > --showconfigs. > > > > This is the active kernel config: > > root@agent336:~# zcat /proc/config.gz | grep > "CONFIG_NF_\|CONFIG_NETFILTER_" > > CONFIG_NETFILTER_ADVANCED=y > > CONFIG_NETFILTER_INGRESS=y > > # CONFIG_NETFILTER_NETLINK_ACCT is not set > > # CONFIG_NETFILTER_NETLINK_QUEUE is not set > > # CONFIG_NETFILTER_NETLINK_LOG is not set > > CONFIG_NF_CONNTRACK=m > > CONFIG_NF_LOG_COMMON=m > > # CONFIG_NF_LOG_NETDEV is not set > > # CONFIG_NF_CONNTRACK_MARK is not set > > CONFIG_NF_CONNTRACK_PROCFS=y > > CONFIG_NF_CONNTRACK_EVENTS=y > > # CONFIG_NF_CONNTRACK_TIMEOUT is not set > > # CONFIG_NF_CONNTRACK_TIMESTAMP is not set > > CONFIG_NF_CT_PROTO_DCCP=y > > CONFIG_NF_CT_PROTO_SCTP=y > > CONFIG_NF_CT_PROTO_UDPLITE=y > > # CONFIG_NF_CONNTRACK_AMANDA is not set > > # CONFIG_NF_CONNTRACK_FTP is not set > > # CONFIG_NF_CONNTRACK_H323 is not set > > # CONFIG_NF_CONNTRACK_IRC is not set > > # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set > > # CONFIG_NF_CONNTRACK_SNMP is not set > > # CONFIG_NF_CONNTRACK_PPTP is not set > > # CONFIG_NF_CONNTRACK_SANE is not set > > # CONFIG_NF_CONNTRACK_SIP is not set > > # CONFIG_NF_CONNTRACK_TFTP is not set > > # CONFIG_NF_CT_NETLINK is not set > > # CONFIG_NF_CT_NETLINK_TIMEOUT is not set > > CONFIG_NF_NAT=m > > CONFIG_NF_NAT_NEEDED=y > > CONFIG_NF_NAT_PROTO_DCCP=y > > CONFIG_NF_NAT_PROTO_UDPLITE=y > > CONFIG_NF_NAT_PROTO_SCTP=y > > # CONFIG_NF_NAT_AMANDA is not set > > # CONFIG_NF_NAT_FTP is not set > > # CONFIG_NF_NAT_IRC is not set > > # CONFIG_NF_NAT_SIP is not set > > # CONFIG_NF_NAT_TFTP is not set > > # CONFIG_NF_NAT_REDIRECT is not set > > # CONFIG_NF_TABLES is not set > > CONFIG_NETFILTER_XTABLES=m > > # CONFIG_NETFILTER_XT_MARK is not set > > # CONFIG_NETFILTER_XT_CONNMARK is not set > > # CONFIG_NETFILTER_XT_TARGET_AUDIT is not set > > CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m > > # CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set > > # CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set > > # CONFIG_NETFILTER_XT_TARGET_DSCP is not set > > # CONFIG_NETFILTER_XT_TARGET_HL is not set > > # CONFIG_NETFILTER_XT_TARGET_HMARK is not set > > # CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set > > # CONFIG_NETFILTER_XT_TARGET_LED is not set > > CONFIG_NETFILTER_XT_TARGET_LOG=m > > # CONFIG_NETFILTER_XT_TARGET_MARK is not set > > CONFIG_NETFILTER_XT_NAT=m > > # CONFIG_NETFILTER_XT_TARGET_NETMAP is not set > > # CONFIG_NETFILTER_XT_TARGET_NFLOG is not set > > # CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set > > # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set > > # CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set > > # CONFIG_NETFILTER_XT_TARGET_TEE is not set > > # CONFIG_NETFILTER_XT_TARGET_TPROXY is not set > > # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set > > # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set > > CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m > > # CONFIG_NETFILTER_XT_MATCH_BPF is not set > > # CONFIG_NETFILTER_XT_MATCH_CGROUP is not set > > # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set > > # CONFIG_NETFILTER_XT_MATCH_COMMENT is not set > > # CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set > > # CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set > > # CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set > > # CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set > > CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m > > # CONFIG_NETFILTER_XT_MATCH_CPU is not set > > # CONFIG_NETFILTER_XT_MATCH_DCCP is not set > > # CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set > > # CONFIG_NETFILTER_XT_MATCH_DSCP is not set > > # CONFIG_NETFILTER_XT_MATCH_ECN is not set > > # CONFIG_NETFILTER_XT_MATCH_ESP is not set > > # CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set > > # CONFIG_NETFILTER_XT_MATCH_HELPER is not set > > # CONFIG_NETFILTER_XT_MATCH_HL is not set > > # CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set > > # CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set > > # CONFIG_NETFILTER_XT_MATCH_L2TP is not set > > # CONFIG_NETFILTER_XT_MATCH_LENGTH is not set > > # CONFIG_NETFILTER_XT_MATCH_LIMIT is not set > > # CONFIG_NETFILTER_XT_MATCH_MAC is not set > > # CONFIG_NETFILTER_XT_MATCH_MARK is not set > > # CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set > > # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set > > # CONFIG_NETFILTER_XT_MATCH_OWNER is not set > > # CONFIG_NETFILTER_XT_MATCH_POLICY is not set > > # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set > > # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set > > # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set > > # CONFIG_NETFILTER_XT_MATCH_RATEEST is not set > > # CONFIG_NETFILTER_XT_MATCH_REALM is not set > > # CONFIG_NETFILTER_XT_MATCH_RECENT is not set > > # CONFIG_NETFILTER_XT_MATCH_SCTP is not set > > # CONFIG_NETFILTER_XT_MATCH_STATE is not set > > # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set > > # CONFIG_NETFILTER_XT_MATCH_STRING is not set > > # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set > > # CONFIG_NETFILTER_XT_MATCH_TIME is not set > > # CONFIG_NETFILTER_XT_MATCH_U32 is not set > > CONFIG_NF_DEFRAG_IPV4=m > > CONFIG_NF_CONNTRACK_IPV4=m > > # CONFIG_NF_SOCKET_IPV4 is not set > > # CONFIG_NF_DUP_IPV4 is not set > > # CONFIG_NF_LOG_ARP is not set > > CONFIG_NF_LOG_IPV4=m > > CONFIG_NF_REJECT_IPV4=m > > CONFIG_NF_NAT_IPV4=m > > CONFIG_NF_NAT_MASQUERADE_IPV4=m > > # CONFIG_NF_NAT_PPTP is not set > > # CONFIG_NF_NAT_H323 is not set > > CONFIG_NF_DEFRAG_IPV6=m > > CONFIG_NF_CONNTRACK_IPV6=m > > # CONFIG_NF_SOCKET_IPV6 is not set > > # CONFIG_NF_DUP_IPV6 is not set > > CONFIG_NF_REJECT_IPV6=m > > CONFIG_NF_LOG_IPV6=m > > CONFIG_NF_NAT_IPV6=m > > CONFIG_NF_NAT_MASQUERADE_IPV6=m > > > > What am I missing? Should I enable it some other way instead of using > > IMAGE_INSTALL_append? Do I need to enable more? > > > > It seems you built many netfilter features/drivers as modules and not > built-in in the kernel. When that is the case, you need to add the > modules to your image because Yocto does not do it for you. Yocto splits > each module in its own package. As a simple try, you can add the > kernel-modules package to your image, it is a package that pulls all > kernel module packages all at once. At least you'll know if there's > another issue before pinpointing the exact kernel module package names > you will want in your image (kernel-modules can be pretty big if you > don't have a "clean" defconfig with many unnecessary drivers built as > modules). > > Cheers, > Quentin > -- <https://lightyear.one/careers?utm_source=signature&utm_campaign=spotlightroles&utm_medium=email#vacancies> -- Automotive Campus 70 —5708 JZ Helmond, the Netherlands www.lightyear.one <https://lightyear.one/> <https://www.linkedin.com/company/lightyear.one/> This email may contain information which is privileged and/or confidential. If you received this e-mail in error, please notify us immediately by e-mail and delete the email without copying or disclosing its contents to any other person. Lightyear is a trade name of Atlas Technologies B.V. and is registered at the Dutch Chamber of Commerce under number 67264298.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#57716): https://lists.yoctoproject.org/g/yocto/message/57716 Mute This Topic: https://lists.yoctoproject.org/mt/92746852/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
