search

sjtuross / syno-iptables

Some missing iptables modules for Synology
188 stars 23 forks source link

DS918+有几个模块无法加载,提示Unknown symbol in module #9

Closed yhboss closed 2 years ago

yhboss commented 2 years ago

DSM7.0.1 内核4.4.180+ insmod: ERROR: could not insert module /lib/modules/ip6table_nat.ko: Unknown symbol in module

insmod: ERROR: could not insert module /lib/modules/ip6table_raw.ko: Unknown symbol in module

insmod: ERROR: could not insert module /lib/modules/ip6table_mangle.ko: Unknown symbol in module 是因为有什么依赖模块没加载吗?

sjtuross commented 2 years ago

这个错一般就是指缺少依赖。你是按照下面的次序加载的吗?有些是系统自带的,但必须按依赖次序加载

insmod /lib/modules/nf_nat_ipv6.ko
insmod /lib/modules/nf_nat_masquerade_ipv6.ko
insmod /lib/modules/ip6t_MASQUERADE.ko
insmod /lib/modules/ip6table_nat.ko
insmod /lib/modules/ip6table_raw.ko
insmod /lib/modules/ip6table_mangle.ko

如果还不行,运行dmesg | tail看下相关日志

yhboss commented 2 years ago

这个错一般就是指缺少依赖。你是按照下面的次序加载的吗?有些是系统自带的,但必须按依赖次序加载

insmod /lib/modules/nf_nat_ipv6.ko
insmod /lib/modules/nf_nat_masquerade_ipv6.ko
insmod /lib/modules/ip6t_MASQUERADE.ko
insmod /lib/modules/ip6table_nat.ko
insmod /lib/modules/ip6table_raw.ko
insmod /lib/modules/ip6table_mangle.ko

如果还不行,运行dmesg | tail看下相关日志

是按照这个顺序加载的,运行dmesg | tail结果如下

root@DSTX:~# dmesg | tail
[ 1385.058707] ip6table_nat: Unknown symbol ip6t_alloc_initial_table (err 0)
[ 1385.066040] ip6table_nat: Unknown symbol ip6t_do_table (err 0)
[ 1385.077893] ip6table_raw: Unknown symbol ip6t_unregister_table (err 0)
[ 1385.084949] ip6table_raw: Unknown symbol ip6t_register_table (err 0)
[ 1385.091799] ip6table_raw: Unknown symbol ip6t_alloc_initial_table (err 0)
[ 1385.099082] ip6table_raw: Unknown symbol ip6t_do_table (err 0)
[ 1388.233176] ip6table_mangle: Unknown symbol ip6t_unregister_table (err 0)
[ 1388.240548] ip6table_mangle: Unknown symbol ip6t_register_table (err 0)
[ 1388.247689] ip6table_mangle: Unknown symbol ip6t_alloc_initial_table (err 0)
[ 1388.255336] ip6table_mangle: Unknown symbol ip6t_do_table (err 0)
yhboss commented 2 years ago

搞定了,发现是我的群晖的ip6_tables.ko模块没有加载,先加载一下这个模块之后,那三个模块加载上了,但是加载后docker还是不能启动,日志如下:

root@DSTX:~# tail /var/log/Docker/docker.log                                    2022-03-31T13:13:51+08:00 DSTX docker[16650]: time="2022-03-31T13:13:51.492611432+08:00" level=warning msg="Your kernel does not support CPU realtime scheduler"2022-03-31T13:13:51+08:00 DSTX docker[16650]: time="2022-03-31T13:13:51.492619000+08:00" level=warning msg="Your kernel does not support cgroup blkio weight"
2022-03-31T13:13:51+08:00 DSTX docker[16650]: time="2022-03-31T13:13:51.492626713+08:00" level=warning msg="Your kernel does not support cgroup blkio weight_device"
2022-03-31T13:13:51+08:00 DSTX docker[16650]: time="2022-03-31T13:13:51.492634522+08:00" level=warning msg="Your kernel does not support cgroup blkio throttle.read_bps_device"
2022-03-31T13:13:51+08:00 DSTX docker[16650]: time="2022-03-31T13:13:51.492642976+08:00" level=warning msg="Your kernel does not support cgroup blkio throttle.write_bps_device"
2022-03-31T13:13:51+08:00 DSTX docker[16650]: time="2022-03-31T13:13:51.492652953+08:00" level=warning msg="Your kernel does not support cgroup blkio throttle.read_iops_device"
2022-03-31T13:13:51+08:00 DSTX docker[16650]: time="2022-03-31T13:13:51.492661251+08:00" level=warning msg="Your kernel does not support cgroup blkio throttle.write_iops_device"
2022-03-31T13:13:51+08:00 DSTX docker[16650]: time="2022-03-31T13:13:51.492675880+08:00" level=warning msg="Unable to find pids cgroup in mounts"
2022-03-31T13:13:52+08:00 DSTX docker[16650]: time="2022-03-31T13:13:52.360171499+08:00" level=warning msg="could not create bridge network for id 462820f9cc7290b46618ff07847789705b72d14c79c90e7644c3250e0d468dcc bridge name docker0 while booting up from persistent state: Failed to Setup IP tables: Unable to enable NAT rule:  (iptables failed: ip6tables --wait -t nat -I POSTROUTING -s fd00::1:0:0:0/80 ! -o docker0 -j MASQUERADE: ip6tables v1.8.3 (legacy): Couldn't load target `MASQUERADE':No such file or directory\n\nTry `ip6tables -h' or 'ip6tables --help' for more information.\n (exit status 2))"
2022-03-31T13:13:52+08:00 DSTX docker[16650]: time="2022-03-31T13:13:52.395081395+08:00" level=warning msg="could not create bridge network for id 456ae64c0ef7051d3827822afd3cf35d646a4ab65de35a2ca12511bcb2d61431 bridge name docker-456ae64c while booting up from persistent state: Failed to Setup IP tables: Unable to enable NAT rule:  (iptables failed: ip6tables --wait -t nat -I POSTROUTING -s fd00::2:0:0:0/80 ! -o docker-456ae64c -j MASQUERADE: ip6tables v1.8.3 (legacy): Couldn't load target `MASQUERADE':No such file or directory\n\nTry `ip6tables -h' or 'ip6tables --help' for more information.\n (exit status 2))"
sjtuross commented 2 years ago

ip6_tables.ko默认就应该被Docker package加载的,在这个文件中/usr/syno/etc.defaults/iptables_modules_list,这个环境变量IPV6_MODULES定义的,然后被/var/packages/Docker/scripts/start-stop-status引用,你检查一下修改过的相关文件

出错信息说Couldn't load target `MASQUERADE',感觉是ip6t_MASQUERADE.ko这个没有加载

默认安装,按照我的Wiki做,应该是没问题的

P.S. 另外确保so模块也已经安装至/usr/lib/iptables/,不需要加载,ip6tables会需要调用

yhboss commented 2 years ago

我现在是手动加载的,晚上回去修改/var/packages/Docker/scripts/start-stop-status试一下,谢谢大佬!

yhboss commented 2 years ago

试过了还是那样,并且ip6t_MASQUERADE.ko已加载

root@DSTX:~# lsmod
Module                  Size  Used by
nfnetlink               5744  0
xfrm_user              24256  0
xfrm_algo               5287  1 xfrm_user
ip6table_mangle         1724  0
ip6table_raw            1280  0
ip6table_nat            1600  1
ip6t_MASQUERADE         1088  0

是libipt_MASQUERADE.so文件有问题吗?

image 为啥4.4.59内核里有libip6t_xxx.so呢

sjtuross commented 2 years ago

你找到原因了,等会儿我来补libip6t相关so模块

sjtuross commented 2 years ago

补好了 https://github.com/sjtuross/syno-iptables/tree/master/apollolake/kernel-4.4.180/so

yhboss commented 2 years ago

补好了 https://github.com/sjtuross/syno-iptables/tree/master/apollolake/kernel-4.4.180/so

终于好了,拜谢大佬!!

Windman1320 commented 11 months ago

DS 920+ 也遇到此问题,大佬有空能补一下么