Modify

Opened 2 years ago

Last modified 19 months ago

#20663 new defect

nf_tee.ko missing in kmod-ipt-tee

Reported by: dev-openwrt-org@… Owned by: developers
Priority: normal Milestone:
Component: packages Version: Chaos Calmer 15.05
Keywords: kmod-ipt-tee iptables Cc:

Description

On my device, running CHAOS CALMER (15.05, r46767, https://downloads.openwrt.org/chaos_calmer/15.05/ramips/rt3883/openwrt-15.05-ramips-rt3883-rt-n56u-squashfs-sysupgrade.bin), I'm trying to get iptables TEE to work. Like so:

# iptables -t mangle -A PREROUTING -s 192.168.1.10 -j TEE --gateway 192.168.1.11

iptables v1.4.21: unknown option "--gateway"
Try `iptables -h' or 'iptables --help' for more information.

According to the iptables-extensions man page --gateway is a valid argument for the TEE target.

To enable support for TEE in OpenWRT I installed the kmod-ipt-tee package, like so:

# opkg install kmod-ipt-tee

Installing kmod-ipt-tee (3.18.20-1) to root...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ramips/rt3883/packages/base/kmod-ipt-tee_3.18.20-1_ramips_24kec.ipk.
Configuring kmod-ipt-tee.
failed to find a module named nf_tee

Please note the failure to load the nf_tee module. The same error also persists when running the iptables command. The following suggests to me that the module should be available:

# cat /etc/modules.d/ipt-tee

nf_tee
xt_TEE

But it is not:

# ls /lib/modules/3.18.20/ | grep -i tee

xt_TEE.ko

The following packages are installed:

# opkg list-installed

base-files - 157-r46767
busybox - 1.23.2-1
dnsmasq - 2.73-1
dropbear - 2015.67-1
firewall - 2015-07-27
fstools - 2015-05-24-09027fc86babc3986027a0e677aca1b6999a9e14
hostapd-common - 2015-03-25-1
ip6tables - 1.4.21-1
iptables - 1.4.21-1
iw - 3.17-1
jshn - 2015-06-14-d1c66ef1131d14f0ed197b368d03f71b964e45f8
jsonfilter - 2014-06-19-cdc760c58077f44fc40adbbe41e1556a67c1b9a9
kernel - 3.18.20-1-7b6dda72d602ec4f38d4d92805f8017c
kmod-cfg80211 - 3.18.20+2015-03-09-3
kmod-crypto-aes - 3.18.20-1
kmod-crypto-arc4 - 3.18.20-1
kmod-crypto-core - 3.18.20-1
kmod-eeprom-93cx6 - 3.18.20-1
kmod-gpio-button-hotplug - 3.18.20-1
kmod-ip6tables - 3.18.20-1
kmod-ipt-conntrack - 3.18.20-1
kmod-ipt-core - 3.18.20-1
kmod-ipt-nat - 3.18.20-1
kmod-ipt-tee - 3.18.20-1
kmod-ipv6 - 3.18.20-1
kmod-leds-gpio - 3.18.20-1
kmod-lib-crc-ccitt - 3.18.20-1
kmod-lib-crc-itu-t - 3.18.20-1
kmod-mac80211 - 3.18.20+2015-03-09-3
kmod-nf-conntrack - 3.18.20-1
kmod-nf-conntrack6 - 3.18.20-1
kmod-nf-ipt - 3.18.20-1
kmod-nf-ipt6 - 3.18.20-1
kmod-nf-nat - 3.18.20-1
kmod-nf-nathelper - 3.18.20-1
kmod-nls-base - 3.18.20-1
kmod-ppp - 3.18.20-1
kmod-pppoe - 3.18.20-1
kmod-pppox - 3.18.20-1
kmod-rt2800-lib - 3.18.20+2015-03-09-3
kmod-rt2800-mmio - 3.18.20+2015-03-09-3
kmod-rt2800-pci - 3.18.20+2015-03-09-3
kmod-rt2800-soc - 3.18.20+2015-03-09-3
kmod-rt2x00-lib - 3.18.20+2015-03-09-3
kmod-rt2x00-mmio - 3.18.20+2015-03-09-3
kmod-rt2x00-pci - 3.18.20+2015-03-09-3
kmod-slhc - 3.18.20-1
kmod-tun - 3.18.20-1
kmod-usb-core - 3.18.20-1
kmod-usb-ohci - 3.18.20-1
kmod-usb2 - 3.18.20-1
libblobmsg-json - 2015-06-14-d1c66ef1131d14f0ed197b368d03f71b964e45f8
libc - 0.9.33.2-1
libgcc - 4.8-linaro-1
libip4tc - 1.4.21-1
libip6tc - 1.4.21-1
libiwinfo - 2015-06-01-ade8b1b299cbd5748db1acf80dd3e9f567938371
libiwinfo-lua - 2015-06-01-ade8b1b299cbd5748db1acf80dd3e9f567938371
libjson-c - 0.12-1
libjson-script - 2015-06-14-d1c66ef1131d14f0ed197b368d03f71b964e45f8
liblua - 5.1.5-1
liblzo - 2.08-1
libnl-tiny - 0.1-4
libopenssl - 1.0.2d-1
libubox - 2015-06-14-d1c66ef1131d14f0ed197b368d03f71b964e45f8
libubus - 2015-05-25-f361bfa5fcb2daadf3b160583ce665024f8d108e
libubus-lua - 2015-05-25-f361bfa5fcb2daadf3b160583ce665024f8d108e
libuci - 2015-04-09.1-1
libuci-lua - 2015-04-09.1-1
libxtables - 1.4.21-1
lua - 5.1.5-1
luci - git-15.248.30277-3836b45-1
luci-app-firewall - git-15.248.30277-3836b45-1
luci-base - git-15.248.30277-3836b45-1
luci-lib-ip - git-15.248.30277-3836b45-1
luci-lib-nixio - git-15.248.30277-3836b45-1
luci-mod-admin-full - git-15.248.30277-3836b45-1
luci-proto-ipv6 - git-15.248.30277-3836b45-1
luci-proto-ppp - git-15.248.30277-3836b45-1
luci-theme-bootstrap - git-15.248.30277-3836b45-1
mtd - 21
netifd - 2015-06-08-8795f9ef89626cd658f615c78c6a17e990c0dcaa
odhcp6c - 2015-07-13-024525798c5f6aba3af9b2ef7b3af2f3c14f1db8
odhcpd - 2015-05-21-2ebf6c8216287983779c8ec6597d30893b914a7c
openvpn-openssl - 2.3.6-5
opkg - 9c97d5ecd795709c8584e972bfdf3aee3a5b846d-7
ppp - 2.4.7-6
ppp-mod-pppoe - 2.4.7-6
procd - 2015-08-16-0da5bf2ff222d1a499172a6e09507388676b5a08
rpcd - 2015-05-17-3d655417ab44d93aad56a6d4a668daf24b127b84
swconfig - 10
ubox - 2015-07-14-907d046c8929fb74e5a3502a9498198695e62ad8
ubus - 2015-05-25-f361bfa5fcb2daadf3b160583ce665024f8d108e
ubusd - 2015-05-25-f361bfa5fcb2daadf3b160583ce665024f8d108e
uci - 2015-04-09.1-1
uhttpd - 2015-08-17-f91788b809d9726126e9cf4384fedbbb0c5b8a73
uhttpd-mod-ubus - 2015-08-17-f91788b809d9726126e9cf4384fedbbb0c5b8a73
usign - 2015-05-08-cf8dcdb8a4e874c77f3e9a8e9b643e8c17b19131
wpad-mini - 2015-03-25-1
zlib - 1.2.8-1

Attachments (0)

Change History (6)

comment:1 Changed 2 years ago by dev-openwrt-org@…

I looked at the kmod-ipt-tee_3.18.20-1-package for other architectures and they also had nf_tee listed in /etc/modules.d/ipt-tee and that file absent from /lib/modules/3.18.20/. This should make it easy for someone with another router model to test if this is related to the --gateway keyword not being recognized.

I also had a look at this package from the earlier Barrier Breaker 14.07 release and it did not list nf_tee in /etc/modules.d/ipt-tee .

comment:2 Changed 2 years ago by dev-openwrt-org@…

Found the source of the --gateway problem, it was a PEBKAC. I needed to have the iptables-mod-tee package installed too.

For the record, iptables-mod-tee_1.4.21-1_ramips_24kec.ipk also does not provide any nf_tee module and I still consider it a valid bug that kmod-ipt-tee lists it. I certainly lead me down the garden path.

comment:3 Changed 2 years ago by marc-o

Hey all, am I glad I found this thread. I would just like to confirm that I too am facing with the same issue where it complains about failing to find nf_tee.

root@OpenWrt:~# insmod nf_tee
Failed to find nf_tee. Maybe it is a built in module ?
root@OpenWrt:~# cat /etc/modules.d/ipt-tee
nf_tee
xt_TEE
root@OpenWrt:~#   
root@OpenWrt:~# ls /lib/modules/3.18.20/ | grep -i tee
xt_TEE.ko
root@OpenWrt:~#                


root@OpenWrt:~# lsmod | grep tee
root@OpenWrt:~#                                
root@OpenWrt:~# insmod xt_TEE
module is already loaded - xt_TEE
root@OpenWrt:~#         
root@OpenWrt:~# uname -a
Linux OpenWrt 3.18.20 #1 Fri Sep 4 21:55:57 CEST 2015 mips GNU/Linux
root@OpenWrt:~#                         

I am on Chaos Calmer 15.05 using TP-Link TL-WDR4300 and no, it's not a PABKAC for me (at least not as far as I can tell). The problem form me is that when I try to modify the rules using the following lines:

root@OpenWrt:~# uname -a
Linux OpenWrt 3.18.20 #1 Fri Sep 4 21:55:57 CEST 2015 mips GNU/Linux
root@OpenWrt:~# iptables -A POSTROUTING -t mangle -o br-lan ! -s 192.168.1.100 -j TEE --gateway 192.168.1.101
root@OpenWrt:~# iptables -A PREROUTING -t mangle -i br-lan ! -d 192.168.1.100 -j TEE --gateway 192.168.1.101
root@OpenWrt:~#  

Then when I run iptables -L

I am not seeing the entries. Please address this. I want to capture the traffic from my network.

comment:4 Changed 2 years ago by marc-o

Ok it turns out the problem is with the IPK file - nf_tee is not included in the archive. Hence it is not installed.

See below:

$ tar -tvf kmod-ipt-tee_3.18.20-1_ramips_24kec.ipk
-rw-r--r-- buildbot/buildbot 4 2015-09-05 03:27 ./debian-binary
-rw-r--r-- buildbot/buildbot 2056 2015-09-05 03:27 ./data.tar.gz
-rw-r--r-- buildbot/buildbot  581 2015-09-05 03:27 ./control.tar.gz

$ tar -ztvf data.tar.gz
drwxr-xr-x root/root         0 2015-09-05 03:27 ./
drwxr-xr-x root/root         0 2015-09-05 03:27 ./lib/
drwxr-xr-x root/root         0 2015-09-05 03:27 ./lib/modules/
drwxr-xr-x root/root         0 2015-09-05 03:27 ./lib/modules/3.18.20/
-rw-r--r-- root/root      4408 2015-09-05 03:27 ./lib/modules/3.18.20/xt_TEE.ko
drwxr-xr-x root/root         0 2015-09-05 03:27 ./etc/
drwxr-xr-x root/root         0 2015-09-05 03:27 ./etc/modules.d/
-rw-r--r-- root/root        14 2015-09-05 03:27 ./etc/modules.d/ipt-tee

As you can see there is only:

-rw-r--r-- root/root      4408 2015-09-05 03:27 ./lib/modules/3.18.20/xt_TEE.ko

comment:5 Changed 19 months ago by anonymous

Hi, is this problem solved? Because I have same problem here.

comment:6 Changed 19 months ago by Jonas

Hi, I'm the original poster of this bug. If you're having the same issue all you need to do is to make sure you have both kmod-ipt-tee and iptables-mod-tee installed, have you done this?

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.