google/nftables

Kernel config requirements? conn.Receive: netlink receive: operation not supported

prologic opened this issue · 1 comment

Is anyone here familiar with the required Linux Kernel config to set up and enable NFTables and Netlink correctly? I seem to have broken my Kernel config, and I'm having a hard time hunting down what I'm missing 😅 Here's an strace, but it doesn't seem to help me figure out why I get an EINVAL error from interacting with the Netlink socket :/

bind(3, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, nl_pid=160, nl_groups=00000000}, [112->12]) = 0
sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base=[{{len=20, type=0x10 /* NLMSG_??? */, flags=NLM_F_REQUEST, seq=835770209, pid=160}, "\x00\x00\x00\x0a"}, {{len=20, type=0xa02 /* NLMSG_??? */, flags=NLM_F_REQUEST|NLM_F_ACK|0x400, seq=835770210, pid=160}, "\x00\x00\x00\x00"}, {{len=36, type=0xa00 /* NLMSG_??? */, flags=NLM_F_REQUEST|NLM_F_ACK|0x400, seq=835770211, pid=160}, "\x02\x00\x00\x00\x08\x00\x01\x00\x6e\x61\x74\x00\x08\x00\x02\x00\x00\x00\x00\x00"}, {{len=20, type=0x11 /* NLMSG_??? */, flags=NLM_F_REQUEST, seq=835770212, pid=160}, "\x00\x00\x00\x0a"}], iov_len=96}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 96
futex(0x5a6c78, FUTEX_WAKE_PRIVATE, 1)  = 1
recvmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=112->12, msg_iov=[{iov_base={{len=40, type=NLMSG_ERROR, flags=0, seq=835770209, pid=160}, {error=-EOPNOTSUPP, msg={{len=20, type=0x10 /* NLMSG_??? */, flags=NLM_F_REQUEST, seq=835770209, pid=160}, "\x00\x00\x00\x0a"}}}, iov_len=4096}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_PEEK) = 40
recvmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=112->12, msg_iov=[{iov_base={{len=40, type=NLMSG_ERROR, flags=0, seq=835770209, pid=160}, {error=-EOPNOTSUPP, msg={{len=20, type=0x10 /* NLMSG_??? */, flags=NLM_F_REQUEST, seq=835770209, pid=160}, "\x00\x00\x00\x0a"}}}, iov_len=4096}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 40
futex(0x5a6c78, FUTEX_WAKE_PRIVATE, 1)  = 1
openat(AT_FDCWD, "/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/local/Cellar/go/1.19.1/libexec/lib/time/zoneinfo.zip", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "2022/09/14 23:38:52 error flushi"..., 982022/09/14 23:38:52 error flushing tables: conn.Receive: netlink receive: operation not supported
) = 98
exit_group(1)                           = ?
+++ exited with 1 +++

Apparently I screwed up the Kernel config somehow and some configuration went missing 😅

For anyone that ever runs into this, you need a config like (See: https://git.mills.io/prologic/gonix/pulls/24/files):

CONFIG_NF_CONNTRACK=y
CONFIG_NF_LOG_SYSLOG=y
CONFIG_NF_CONNTRACK_SECMARK=y
CONFIG_NF_CONNTRACK_PROCFS=y
CONFIG_NF_CONNTRACK_FTP=y
CONFIG_NF_CONNTRACK_IRC=y
CONFIG_NF_CONNTRACK_SIP=y
CONFIG_NF_CT_NETLINK=y
CONFIG_NF_NAT=y
CONFIG_NF_NAT_FTP=y
CONFIG_NF_NAT_IRC=y
CONFIG_NF_NAT_SIP=y
CONFIG_NF_NAT_MASQUERADE=y
CONFIG_NF_TABLES=y
CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_TABLES_IPV4=y
CONFIG_NF_LOG_ARP=y
CONFIG_NF_LOG_IPV4=y
CONFIG_NF_REJECT_IPV4=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_MANGLE=y
CONFIG_NF_REJECT_IPV6=y
CONFIG_NF_LOG_IPV6=y
CONFIG_IP6_NF_IPTABLES=y
CONFIG_IP6_NF_MATCH_IPV6HEADER=y
CONFIG_IP6_NF_FILTER=y
CONFIG_IP6_NF_TARGET_REJECT=y
CONFIG_IP6_NF_MANGLE=y
CONFIG_NF_DEFRAG_IPV6=y
CONFIG_NF_TABLES_BRIDGE=y
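A note on what the trace above actually shows, and a checker to go with it. The NLMSG_ERROR carries `-EOPNOTSUPP` for `seq=835770209`, which is the first message of the batch: type `0x10` is NFNL_MSG_BATCH_BEGIN and its payload `00 00 00 0a` names nfnetlink subsystem 10, NFNL_SUBSYS_NFTABLES. The kernel answers a batch that way when no handler is registered for that subsystem, i.e. nf_tables is not compiled in (or its module is not loaded); the messages that follow (`0xa02` delete-table for the flush, `0xa00` new-table `nat`) never get processed. The iptables entries (`CONFIG_IP_NF_*`, `CONFIG_IP6_NF_*`) in the list are not what the netlink path needs; `CONFIG_NF_TABLES` is. The script below is an added example, not code from google/nftables or from the issue author: it reads a kernel config (plain or `/proc/config.gz`), reports which of a required-option list are absent or only built as modules, and ships with a constructed sample config so it runs offline. The option list `NFT_REQUIRED_OPTS` is my assumption, drawn from the post (the nf_tables core plus conntrack/NAT for the `nat` table being created); adjust it to the families and expressions your rules use.

```sh
#!/bin/sh
# Added example (not from google/nftables or the issue author): verify that a
# kernel config carries the options nf_tables-over-netlink needs before
# blaming the client library.

# Assumed required list: nf_tables core and families, plus conntrack/NAT for
# a 'nat' table. Extend it with the expressions (nft_*) your rules rely on.
NFT_REQUIRED_OPTS="CONFIG_NETFILTER CONFIG_NETFILTER_NETLINK CONFIG_NF_TABLES \
CONFIG_NF_TABLES_INET CONFIG_NF_TABLES_IPV4 CONFIG_NF_TABLES_IPV6 \
CONFIG_NF_CONNTRACK CONFIG_NF_CT_NETLINK CONFIG_NF_NAT"

# Print a kernel config, transparently decompressing /proc/config.gz.
read_kconfig() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# check_kconfig FILE OPTION...
# Prints "MISSING: <opt>" for each OPTION that is neither =y nor =m, and a
# warning for =m, since an unloaded module yields the same EOPNOTSUPP at
# runtime. Returns 0 when every option is =y or =m, 1 when any is missing.
check_kconfig() {
    cfg=$1; shift
    rc=0
    for opt in "$@"; do
        # "# CONFIG_X is not set" never matches "^CONFIG_X=", so it reads as missing.
        state=$(read_kconfig "$cfg" | sed -n "s/^$opt=//p" | head -n 1)
        case "$state" in
            y) ;;
            m) echo "$opt is a module (=m): make sure it is loaded" ;;
            *) echo "MISSING: $opt"; rc=1 ;;
        esac
    done
    return $rc
}

# Locate the running kernel's config: /proc/config.gz exists only with
# CONFIG_IKCONFIG_PROC, so fall back to the distro's /boot copy.
running_kconfig() {
    if [ -r /proc/config.gz ]; then
        echo /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        echo "/boot/config-$(uname -r)"
    else
        echo "no kernel config found" >&2
        return 1
    fi
}

# Constructed sample config (not from any real kernel): nf_tables built in,
# conntrack netlink as a module, and the IPv4 family switched off.
write_sample_kconfig() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_NETLINK=y
CONFIG_NF_CONNTRACK=y
CONFIG_NF_CT_NETLINK=m
CONFIG_NF_TABLES=y
# CONFIG_NF_TABLES_IPV4 is not set
CONFIG_NF_TABLES_INET=y
EOF
    echo "$f"
}

# Usage: sh nft-kconfig-check.sh            (checks the constructed sample)
#        sh nft-kconfig-check.sh --running  (checks the running kernel)
case "${1:-}" in
    --running) cfg=$(running_kconfig) || exit 1 ;;
    *)         cfg=$(write_sample_kconfig) ;;
esac
check_kconfig "$cfg" $NFT_REQUIRED_OPTS
```

Run it with `--running` on the box that produced the EOPNOTSUPP; if `CONFIG_NF_TABLES` comes back missing, the kernel config is the problem, and if it is `=m`, check `lsmod` for `nf_tables` before touching the Go side.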