search

Lochnair / xt_tls

Filter TLS traffic with IPtables
GNU General Public License v3.0
230 stars 46 forks source link

iptables v1.6.0: Couldn't load match `tls':No such file or directory #23

Closed maleimachao closed 5 years ago

maleimachao commented 5 years ago

Dear: I'm tying to install xt_tls by DKMS Installation method. After install sucess, i try sudo iptables -A OUTPUT -p tcp --dport 443 -m tls --tls-host "www.facebook.com" -j DROP but the error is: iptables v1.6.0: Couldn't load match `tls':No such file or directory. Is something wrong with my process?

  1. install linux header sudo apt install linux-headers-$(uname -r) eading package lists... Done Building dependency tree
    Reading state information... Done linux-headers-4.4.0-130-generic is already the newest version (4.4.0-130.156). linux-headers-4.4.0-130-generic set to manually installed. 0 upgraded, 0 newly installed, 0 to remove and 207 not upgraded.

  2. install iptables-dev sudo apt install iptables-dev Reading package lists... Done Building dependency tree
    Reading state information... Done The following NEW packages will be installed: iptables-dev 0 upgraded, 1 newly installed, 0 to remove and 207 not upgraded. Need to get 55.5 kB of archives. After this operation, 284 kB of additional disk space will be used. Get:1 http://mirrors.tencentyun.com/ubuntu xenial/main amd64 iptables-dev amd64 1.6.0-2ubuntu3 [55.5 kB] Fetched 55.5 kB in 0s (735 kB/s)
    Selecting previously unselected package iptables-dev. (Reading database ... 66624 files and directories currently installed.) Preparing to unpack .../iptables-dev_1.6.0-2ubuntu3_amd64.deb ... Unpacking iptables-dev (1.6.0-2ubuntu3) ... Setting up iptables-dev (1.6.0-2ubuntu3) ...

3.install dkms sudo apt install dkms Reading package lists... Done Building dependency tree
Reading state information... Done The following NEW packages will be installed: dkms 0 upgraded, 1 newly installed, 0 to remove and 207 not upgraded. Need to get 66.3 kB of archives. After this operation, 265 kB of additional disk space will be used. Get:1 http://mirrors.tencentyun.com/ubuntu xenial-updates/main amd64 dkms all 2.2.0.3-2ubuntu11.5 [66.3 kB] Fetched 66.3 kB in 0s (754 kB/s) Selecting previously unselected package dkms. (Reading database ... 66668 files and directories currently installed.) Preparing to unpack .../dkms_2.2.0.3-2ubuntu11.5_all.deb ... Unpacking dkms (2.2.0.3-2ubuntu11.5) ... Processing triggers for man-db (2.7.5-1) ... Setting up dkms (2.2.0.3-2ubuntu11.5) ...

  1. sudo make dkms-install . ./dkms.conf; \ mkdir /usr/src/${PACKAGE_NAME}-${PACKAGE_VERSION}; \ cp -r * /usr/src/${PACKAGE_NAME}-${PACKAGE_VERSION}; \ dkms add -m ${PACKAGE_NAME} -v ${PACKAGE_VERSION}; \ dkms build -m ${PACKAGE_NAME} -v ${PACKAGE_VERSION}; \ dkms install -m ${PACKAGE_NAME} -v ${PACKAGE_VERSION}

Creating symlink /var/lib/dkms/xt_tls/0.2/source -> /usr/src/xt_tls-0.2

DKMS: add completed.

Kernel preparation unnecessary for this kernel. Skipping...

Building module: cleaning build area.... make KERNELRELEASE=4.4.0-130-generic KERNELDIR=/lib/modules/4.4.0-130-generic/build.... cleaning build area....

DKMS: build completed.

xt_tls: Running module version sanity check.

Running the post_install script: make[1]: Entering directory '/usr/src/xt_tls-0.2/ipt' cc -I../src -fPIC -c -o libxt_tls.o libxt_tls.c cc -shared -o libxt_tls.so libxt_tls.o; rm libxt_tls.o make[1]: Leaving directory '/usr/src/xt_tls-0.2/ipt' make[1]: Entering directory '/usr/src/xt_tls-0.2/ipt' make[1]: pkg-config: Command not found install -D -v -m 644 libxt_tls.so / 'libxt_tls.so' -> '/libxt_tls.so' make[1]: Leaving directory '/usr/src/xt_tls-0.2/ipt'

depmod.....

Backing up initrd.img-4.4.0-130-generic to /boot/initrd.img-4.4.0-130-generic.old-dkms Making new initrd.img-4.4.0-130-generic (If next boot fails, revert to initrd.img-4.4.0-130-generic.old-dkms image) update-initramfs..........

DKMS: install completed.

  1. iptables commmand sudo iptables -A OUTPUT -p tcp --dport 443 -m tls --tls-host "www.facebook.com" -j DROP iptables v1.6.0: Couldn't load match `tls':No such file or directory

6.my environment linux kernel 4.4.0-130-generic ubuntu 16.04 iptables:1.6.0

thanks

Lochnair commented 5 years ago

make[1]: pkg-config: Command not found install -D -v -m 644 libxt_tls.so / 'libxt_tls.so' -> '/libxt_tls.so'

This is why. Without pkg-config the Makefile can't figure out where to install the iptables library, so you need to install the pkg-config package.

I'll add a check to the Makefile so it'll complain if pkg-config is missing.

maleimachao commented 5 years ago

Makefile so it'll complain if pkg-config is missing.

Thans. But after i install the pkg-config and run sudo make dkms-install ,the 'Makefile:23: *** pkg-config binary not found. Stop.' error still happeded. The pkg-config has installed successful. which pkg-config /usr/bin/pkg-config

Lochnair commented 5 years ago

Yeah it seems I broke the Makefile completely with that stuff. I've removed the test for now, until I figure out the Make weirdness.