Running under Raspbian results in "netlink receive: operation not supported"

apernet / OpenGFW

OpenGFW is a flexible, easy-to-use, open source implementation of GFW (Great Firewall of China) on Linux

https://gfw.dev/

Mozilla Public License 2.0

9.31k stars 703 forks source link

Running under Raspbian results in "netlink receive: operation not supported" #129

Open Trigus42 opened 3 months ago

Trigus42 commented 3 months ago

Trying to run this on a RaspberryPi 4, I get the following error:

root@raspberrypi:~/OpenGFW# ./OpenGFW -l debug -c config.yaml rules.yaml
2024-04-10T20:14:05+02:00       INFO    engine started
2024-04-10T20:14:05+02:00       DEBUG   worker started  {"id": 1}
2024-04-10T20:14:05+02:00       DEBUG   worker started  {"id": 0}
2024-04-10T20:14:05+02:00       DEBUG   worker started  {"id": 2}
2024-04-10T20:14:05+02:00       DEBUG   worker started  {"id": 3}
2024-04-10T20:14:05+02:00       INFO    engine exited   {"error": "netlink receive: operation not supported"}
root@raspberrypi:~/OpenGFW# uname -a
Linux raspberrypi 6.6.25-v8+ #1753 SMP PREEMPT Wed Apr 10 17:38:05 BST 2024 aarch64 GNU/Linux

I'd guess this is some problem with the kernel. If that's the case, could you give me some hints as to which kernel options I need to enable or packages I have to install? If not, do you have an idea what could be the problem here?

haruue commented 3 months ago

This error is caused by the missing of nfnetlink_queue kernel module.

I have no experience with Raspbian, and I don't have a RaspberryPi. You may be able to find a third-party kernel with this kernel module, or try apt search to see if there are any additional kernel modules available.

If you'd like to build the kernel yourself, make sure you have following kernel config enabled.

# NFQUEUE
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NFT_QUEUE=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m

# Conntrack
CONFIG_NF_CONNTRACK=m
CONFIG_NFT_CT=m

# MARK
CONFIG_NETFILTER_XT_MARK=m
CONFIG_NETFILTER_XT_MATCH_MARK=m

# CONNMARK
CONFIG_NETFILTER_XT_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m

Trigus42 commented 3 months ago

Unfortunately that doesn't seem to be the issue:

root@raspberrypi:~/OpenGFW# lsmod | grep nfnetlink_queue
nfnetlink_queue        24576  0
nfnetlink              20480  5 nfnetlink_queue,nft_compat,nf_conntrack_netlink,nf_tables
root@raspberrypi:~/OpenGFW# ./OpenGFW -l debug -c config.yaml rules.yaml
2024-04-11T20:01:49+02:00       INFO    engine started
2024-04-11T20:01:49+02:00       DEBUG   worker started  {"id": 0}
2024-04-11T20:01:49+02:00       DEBUG   worker started  {"id": 2}
2024-04-11T20:01:49+02:00       DEBUG   worker started  {"id": 1}
2024-04-11T20:01:49+02:00       DEBUG   worker started  {"id": 3}
2024-04-11T20:01:49+02:00       DEBUG   worker stopped  {"id": 1}
2024-04-11T20:01:49+02:00       DEBUG   worker stopped  {"id": 0}
2024-04-11T20:01:49+02:00       INFO    engine exited   {"error": "netlink receive: operation not supported"}
2024-04-11T20:01:49+02:00       DEBUG   worker stopped  {"id": 3}
2024-04-11T20:01:49+02:00       DEBUG   worker stopped  {"id": 2}