Error creating chain 1

[Vauhtipiru]

Enabling IPTables redirection for

• Chain name prefix : PADListener_CHAIN -> Chain name 1 : PADListener_CHAIN -> Chain name 2 : PADListener_CHAIN_OUTPUT
• Destinations : api-na-adr-pad.gungho.jp api-na-amz-pad.gungho.jp api-adr-pad.gungho.jp
• Excluded process id 10321 Creating Chain 1 /data/data/fr.neraud.padlistener/files/enable_iptables.sh[54]: /data/data/fr.neraud.padlistener/files/iptables: Permission denied Error creating Chain 1 !

I'm not sure if this issue has been addressed in any 'official' capacity, but I figured I'd bring it here and add some notes to see if it might help.

I ran into this issue after Verizon issued an OTA update which unrooted my phone (Samsung GS5, Android 4.4.2, stock ROM) and it couldn't be re-rooted by the usual means. Instead, I had to flash back to the pre-OTA build, re-root, then flash back to the current build.

Ever since then, the auto iptables method produces the error posted above. I glanced through a Reddit thread in which it was briefly spoken about, but it's been near a month with no updates or resolutions.

I don't understand much of it, but from what I read in the thread, there's an iptables file or folder that's supposed to be in the device files and I went and followed the mentioned path to find the file/folder, but nothing regarding iptables exists anywhere on my device.

That's all I know. Figured I'd add my input. It's unfortunate not being able to use the iptables method while out of the house, but all-in-all, I can't complain.

Great job on the app; it's very much appreciated and very well received by the community. Keep up the good work!

[Neraud]

This issue is a pain to investigate ;p We tried a bit on Reddit

The only way to test what goes wrong would be to input some commands manually in a terminal as root. This can be done either from a computer though ADB, or using a dedicated app on the device (but typing commands on a phone is a huge pain).

If you can, would you please try the following commands and provide the results :

1. cd /data/data/fr.neraud.padlistener/files
2. ./enable_iptables.sh ./ PADListenerChain api-na-adr-pad.gungho.jp 0
3. ./disable_iptables.sh ./ PADListenerChain
4. ./iptables

An example from my N7 is on pastebin (from line 46)

[Vauhtipiru]

I'll give it a shot when I get home; my phone's about to go the way of the dodo. On Aug 17, 2014 3:32 PM, "Neraud" notifications@github.com wrote:

This issue is a pain to investigate ;p We tried a bit on Reddit http://www.reddit.com/r/PuzzleAndDragons/comments/2al81k/padlistener_120_beta_available_should_work_with/cj3k3li

The only way to test what goes wrong would be to input some commands manually in a terminal as root. This can be done either from a computer though ADB, or using a dedicated app on the device (but typing commands on a phone is a huge pain).

If you can, would you please try the following commands and provide the results :

1. cd /data/data/fr.neraud.padlistener/files
2. ./enable_iptables.sh ./ PADListenerChain api-na-adr-pad.gungho.jp 0
3. ./disable_iptables.sh ./ PADListenerChain
4. ./iptables

An example from my N7 is on pastebin http://pastebin.com/CHAfKg7P (from line 46)

— Reply to this email directly or view it on GitHub https://github.com/Neraud/PADListener/issues/39#issuecomment-52437682.

[Neraud]

Another interesting test would be to install the app SandroProxy and try to start its capture. I use their library for the Listener part, and they also use iptables to route traffic to the proxy. If this app works, I've done something wrong.

[Vauhtipiru]

u0_a327@kltevzw:/ $ cd /data/data/fr.neraud.padlistener/files PADListenerChain api-na-adr-pad.gungho.jp 0 < /system/bin/sh: ./enable_iptables.sh: can't execute: Permission denied 126|u0_a327@kltevzw:/data/data/fr.neraud.padlistener/files $ ./disable_iptables.sh ./ PADListenerChain /system/bin/sh: ./disable_iptables.sh: can't execute: Permission denied 126|u0_a327@kltevzw:/data/data/fr.neraud.padlistener/files $ ./iptables /system/bin/sh: ./iptables: can't execute: Permission denied126|u0_a327@kltevzw:/data/data/fr.neraud.padli126|u0_a327@kltevzw:/data/data/fr.neraud.padlistener/files $

Did I do this right? It gave me permission denied errors for everything I did.

[Vauhtipiru]

Alrighty, I gave SandroProxy a shot. I'll admit I wasn't entirely sure what I was doing, but I glanced through the log and noticed it was getting the same permission denied error from anything regarding iptables.

So, I don't think it's anything wrong on your end, it's just something wonky for a couple people. Wish I were more capable at helping with this, but if you get any more ideas, I'd be happy to test them out. On Aug 17, 2014 3:45 PM, "Neraud" notifications@github.com wrote:

Another interesting test would be to install the app SandroProxy https://play.google.com/store/apps/details?id=org.sandroproxy and try to start its capture. I use their library for the Listener part, and they also use iptables to route traffic to the proxy. If this app works, I've done something wrong.

— Reply to this email directly or view it on GitHub https://github.com/Neraud/PADListener/issues/39#issuecomment-52437999.

[Neraud]

For your manual test, please switch to root user before, with the command su. I forgot to add it in my list.

Getting the same error from SandroProxy is kind of reassuring. That means I'm not totally crazy yet ;p

[Vauhtipiru]

u0_a327@kltevzw:/ $ su root@kltevzw:/ # cd /data/data/fr.neraud.padlistener/files ADListenerChain api-na-adr-pad.gungho.jp 0 < tmp-mksh: ./enable_iptables.sh: Text file busy 1|root@kltevzw:/data/data/fr.neraud.padlistener/files # ./disable_iptables.sh ./ PADListenerChain tmp-mksh: ./disable_iptables.sh: Text file busy 1|root@kltevzw:/data/data/fr.neraud.padlistener/files # ./iptables iptables v1.4.20: no command specified Try `iptables -h' or 'iptables --help' for more information. 2|root@kltevzw:/data/data/fr.neraud.padlistener/files #

Take two. Different result, at least. Maybe it'll help.

[Neraud]

Oh right, the "Text file busy" is a normal error when you try to launch manually the script after PADListener has run. PADListener copies the script at startup and keeps some kind of handle on the target file, I don't know why.

The iptables binary seems to work (at least with no parameters). You can try the following commands :

1. su
2. cd /data/data/fr.neraud.padlistener/files
3. ./iptables --new PADListener_CHAIN
4. ./iptables --delete-chain PADListener_CHAIN

If 3 outputs "permission denied", that would be the exact same issue as though the app, and that would confirm that the app calls the script correctly.

[Vauhtipiru]

I got through the entire process with no errors, though I didn't get any feedback during steps 3 and 4. Is it meant to do that? I mean, I guess what's important is that there was no error, yeah? Unless I did something wrong.

On Mon, Aug 18, 2014 at 2:02 PM, Neraud notifications@github.com wrote:

Oh right, the "Text file busy" is a normal error when you try to launch manually the script after PADListener has run. PADListener copies the script at startup and keeps some kind of handle on the target file, I don't know why.

The iptables binary seems to work (at least with no parameters). You can try the following commands :

1. su
2. cd /data/data/fr.neraud.padlistener/files
3. ./iptables --new PADListener_CHAIN
4. ./iptables --delete-chain PADListener_CHAIN

If 3 outputs "permission denied", that would be the exact same issue as though the app, and that would confirm that the app calls the script correctly.

— Reply to this email directly or view it on GitHub https://github.com/Neraud/PADListener/issues/39#issuecomment-52554652.

[Neraud]

Ok, so the binary works well when you launch it manually. That doesn't make much sense to me then ...

I'll look again in the code to try and find a mistake somewhere, but as the code works on many devices, it might be complicated to troubleshoot.

[Vauhtipiru]

Well, hopefully it gave you some kind of direction or helped in some way.

Either way, don't kill yourself over it! I'm happy enough that I can still use the app period, so I'm certainly not complaining. On Aug 18, 2014 2:36 PM, "Neraud" notifications@github.com wrote:

Ok, so the binary works well when you launch it manually. That doesn't make much sense to me then ...

I'll look again in the code to try and find a mistake somewhere, but as the code works on many devices, it might be complicated to troubleshoot.

— Reply to this email directly or view it on GitHub https://github.com/Neraud/PADListener/issues/39#issuecomment-52558883.

[Tito151]

I have this issue as well on my Samsung Galaxy S5. I was wondering if it could be related to the way some of the apps are only allowed access an 'emulated' file space. For example, some apps will only be able to access /storage/emulated/0/[data/data/data]. What command line app should I use? I suspect my results would be the same, but I'll try running your tests.

[Neraud]

A file system permission error would probably occur when installing the scripts, not when running them.

I have the same kind of emulated storage on my SGS4, and it works.

I've only seen reports on this issue by people using Samsung 4.4 ROM. My custom SGS4 (running 4.4 GE Rom) and other Samsungs running 4.3 work.

[Tito151]

Ah, so then the error is maybe being caused from something in SandraProxy's listener with Samsung 4.4+ roms? I'm on a 4.4.2 ROM from NTT DoCoMo. Currently, I can use the WiFi proxy though if I'm at home, so definitely null sweat on getting it worked out quickly. Thanks for a handy app!

[Morasta]

Just began running into this problem since the last update. I'm running a KitKat rom on a Sprint HTC One M7. The exact error is Script failed: Error creating Chain 1

Here's what the log shows

• Enabling IPTables redirection for
• - Chain name prefix : PADListener_CHAIN
• -> Chain name 1: PADListener_CHAIN
• -> Chain name 2: PADListener_CHAIN_OUTPUT
• - Destinations : api-na-amz-pad.gungho.jp api-na-adr.padsv.gungho.jp
• - Excluded process id 10211
• Creating Chain 1
• iptables: Chain already exists
• Error creating Chain 1 !

I'm also happy to try running your tests from earlier in the issue's thread. Would that be helpful?

[Morasta]

Seems okay again after the last update.

[Tito151]

Dang, made sure I was updated (using ver1.4.9) and just tried again myself, but it didn't work. I tried installing SandroProxy, but I'm not entirely sure what I'm doing with it, but I did notice that it is saying that a iptables_armv7 command is not found. Does that mean anything? Is there anything more specific that I should be trying to run with it? I also tried the su commands above through an Android Terminal app and did not receive an error creating and deleting a chain.

[Neraud]

@Morasta : I did not change anything proxy related in the last update. It's great if it's working, but I have no clue why ;p

@Tito151 : About the iptables_armv7 warning, was it a SandroProxy error or a PADListener one ?

[Tito151]

That was an error that I was seeing in SandroProxy logs. The error log output I get in PADListener is slightly similar to Morasta's error post a few posts up.

[Dalamar6]

Weird: my note 2 on stock can use it now. I think it's agni kernel that fixed it, but I'm not sure...

I just flashed http://teamuscellular.com/Forum/topic/7030-%E2%98%85%E2%98%9E-rom-touchwiz-t0lteuscdeodexed-%E2%80%93-deknoxed-debloated-r950usccne2442-%E2%98%9C%E2%98%85/ , booted it up, pulled battery then flashed the most up to date i605 agni.

[Tito151]

Well, I don't know what happened, but after updating to the latest version (the one with the Lollipop fixes) I just tried the auto IPTables listener again and it worked! I just was able to sync my PadHerder without using Auto WiFi mode.

[Tito151]

So after updating apps on my Kindle Fire HD 7 though, I started to get this issue. Really weird as it wasn't doing this before. However, I have been having another unrelated issue though on my Kindle with my PADherder so this might be tricky to troubleshoot. Will update if it happens to go away after future updates. EDIT: Clarified a sentence. Also, my Kindle Fire HD 7 is running an Amazon-based ROM (Kinology) on 4.0.x

[Dalamar6]

Far as I know, Android 5 officially incorporated Knox and tightened selinux permissions. (which is likely what was causing crap on Samsung firmware)

If agni kernel is available for the device, give it a shot. (it disables selinux) If not, install an older CM version. New cm versions (since Aug or Sept I think, not sure) won't run PAD for some reason.

[Neraud]

To be compatible with Lollipop, I had to update the iptables binary (to a Position-Independent Executables version). Maybe it fixed some issues occurring on Samsung devices.