Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bad iptables command on Ubuntu 22 LTS #285

Closed
krizhanovsky opened this issue Aug 17, 2022 · 2 comments
Closed

Bad iptables command on Ubuntu 22 LTS #285

krizhanovsky opened this issue Aug 17, 2022 · 2 comments
Assignees
@RomanBelozerov
Labels
bug Something isn't working Infrastructure The framework reworking and extensions
Milestone
Tempesta FW 0.7

Comments

@krizhanovsky
Copy link
Contributor 

ERROR: test_chains (http_rules.test_http_tables.HttpTablesTestMarkRules)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/root/tempesta-test/helpers/remote.py", line 96, in run_cmd
    assert p.returncode == 0, \
AssertionError: Cmd: 'iptables -t mangle -A PREROUTING -p tcp -j MARK --set-mark 1' return code is not 0 (4).

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/root/tempesta-test/http_rules/test_http_tables.py", line 376, in test_chains
    self.set_nf_mark(mark)
  File "/root/tempesta-test/http_rules/test_http_tables.py", line 347, in set_nf_mark
    remote.tempesta.run_cmd(cmd, timeout=30)
  File "/root/tempesta-test/helpers/remote.py", line 104, in run_cmd
    raise CmdError(f"Сmd {cmd} exited with return code {p.returncode}",
helpers.remote.CmdError: ('Сmd iptables -t mangle -A PREROUTING -p tcp -j MARK --set-mark 1 exited with return code 4', b'', b'iptables v1.8.7 (nf_tables):  CHAIN_ADD failed (Operation not supported): chain PREROUTING\n', 4)

----------------------------------------------------------------------
Ran 1 test in 4.225s

FAILED (errors=1)

# iptables -t mangle -A PREROUTING -p tcp -j MARK --set-mark 1
iptables v1.8.7 (nf_tables):  CHAIN_ADD failed (Operation not supported): chain PREROUTING
root@ubuntu:~/tempesta-test# cat /etc/issue
Ubuntu 22.04 LTS \n \l
@krizhanovsky krizhanovsky added bug Something isn't working Infrastructure The framework reworking and extensions labels Aug 17, 2022
@krizhanovsky krizhanovsky added this to the Tempesta 0.7 milestone Aug 17, 2022
@krizhanovsky krizhanovsky mentioned this issue Sep 4, 2022
Merged
@RomanBelozerov RomanBelozerov self-assigned this May 29, 2023
@krizhanovsky
Copy link
Contributor Author

I tested the iptables command on vanilla Ubuntu kernel and it works fine, so it seems the problem is in the Tempesta kernel config, which I used. I'm attaching the config.
285-linux-config.txt

The problem with the issue is that we clearly have dependence on a Linux kernel module (iptables/netfilter?), but https://github.com/tempesta-tech/tempesta/wiki/Install-from-Sources#configure-kernel does not specify the requirement. So need to explore which module is missed and add it to the doc.

@RomanBelozerov
Copy link
Contributor

I added dependencies to documentation. The problem is missing CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_IPV6 and CONFIG_NF_TABLES

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RomanBelozerov RomanBelozerov

Labels
bug Something isn't working Infrastructure The framework reworking and extensions
Projects
None yet
Milestone
Tempesta FW 0.7
Development

No branches or pull requests
2 participants
@krizhanovsky @RomanBelozerov