[Dnsmasq-discuss] Compile with HAVE_IPSET on kernel 3.0.x problem
Punk[D.M]
punkdm at gmail.com
Sun Feb 16 06:51:55 UTC 2014
This is my modules loaded:
[RT-N56U:/opt/home/admin]$ lsmod
Module Size Used by
xt_set 4800 1
ip_set_list_set 7408 0
ip_set_bitmap_ip 6720 0
ip_set_hash_net 21056 0
ip_set_hash_ip 16432 1
ip_set 21904 5
xt_set,ip_set_list_set,ip_set_bitmap_ip,ip_set_hash_net,ip_set_hash_ip
nfnetlink 1904 1 ip_set
hw_nat 36368 0
nf_nat_ftp 1152 0
nf_conntrack_ftp 5072 1 nf_nat_ftp
usblp 9552 0
ext4 275504 2
jbd2 50944 1 ext4
mbcache 4272 1 ext4
rt3090_ap 604400 0
usb_storage 30912 3
rt2860v2_ap 620896 0
ohci_hcd 15776 0
ehci_hcd 34000 0
2014-02-16 5:56 GMT+08:00 Hartmut Krafft <hartmut at mail.ru>:
> I don't have such raw sockets here and the ipset works regardless.
> Did you check that the modules are installed?
>
> $ lsmod
> Module Size Used by
> xt_set 5293 2
> iptable_filter 1492 0
> ip_set_hash_ip 15967 1
> ip_set 25709 2 ip_set_hash_ip,xt_set
> nfnetlink 5128 2 ip_set
> xt_tcpudp 2094 2
> xt_REDIRECT 1664 1
> xt_LOG 11752 0
> iptable_nat 2551 1
> nf_conntrack_ipv4 12913 1
> nf_defrag_ipv4 1342 1 nf_conntrack_ipv4
> nf_nat_ipv4 3574 1 iptable_nat
> nf_nat 16548 3 nf_nat_ipv4,xt_REDIRECT,iptable_nat
> nf_conntrack 84374 4
> nf_nat,nf_nat_ipv4,iptable_nat,nf_conntrack_ipv4
> ip_tables 11577 2 iptable_filter,iptable_nat
> x_tables 17000 6
> ip_tables,xt_tcpudp,xt_LOG,xt_set,iptable_filter,xt_REDIRECT
>
> On Feb 15, 2014 9:41 PM, "Punk[D.M]" <punkdm at gmail.com> wrote:
> >
> > Yes, i am sure the ipset main function is working:
> >
> > [RT-N56U:/opt/home/admin]$ ipset -H
> > ipset v6.19
> > .......
> >
> > and:
> >
> > [RT-N56U:/opt/home/admin]$ ipset -L gfwlist
> > Name: gfwlist
> > Type: hash:ip
> > Revision: 1
> > Header: family inet hashsize 1024 maxelem 65536
> > Size in memory: 8264
> > References: 1
> > Members:
> >
> > I found something, but i'm not sure it is worse to think:
> >
> > On my other router that running Tomato firmware(ipset v4.5 and Linux
> kernel 2.6.22.19), ipset with dnsmasq working fine, from netstat -lnp , i
> can see dnsmasq have a RAW Proto standing:
> >
> > udp 0 0 0.0.0.0:43000 0.0.0.0:*
> 5590/eapd
> > raw 0 0 0.0.0.0:255 0.0.0.0:*
> 7 12439/dnsmasq
> > raw 0 0 0.0.0.0:255 0.0.0.0:*
> 7 16777/pppd
> > raw 0 0 0.0.0.0:255 0.0.0.0:*
> 7 4011/socat
> > raw 0 0 0.0.0.0:255 0.0.0.0:*
> 7 1231/ss-local
> >
> > but on this RT-N56U system, none of RAW exist:
> >
> > udp 0 0 192.168.1.1:138 0.0.0.0:*
> 673/nmbd
> > udp 0 0 0.0.0.0:138 0.0.0.0:*
> 673/nmbd
> > udp 0 0 192.168.1.1:48066 0.0.0.0:*
> 544/miniupnpd
> > Active UNIX domain sockets (only servers)
> > Proto RefCnt Flags Type State I-Node PID/Program
> name Path
> > unix 2 [ ACC ] STREAM LISTENING 973
> 786/pdnsd /var/cache/pdnsd/pdnsd.status
> >
> > I pay attention to the RAW because i found the error string from ipset.c
> next section:
> >
> > if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW,
> IPPROTO_RAW)) != -1)
> > return;
> >
> > if (!old_kernel &&
> > (buffer = safe_malloc(BUFF_SZ)) &&
> > (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) !=
> -1 &&
> > (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1))
> > return;
> >
> > die (_("failed to create IPset control socket: %s"), NULL, EC_MISC);
> >
> > It is about RAW check or something? I am a total novice of C language...
> >
> > It's first time i use mail list, it's right to reply all?
> >
> >
> > 2014-02-16 2:58 GMT+08:00 Hartmut Krafft <hartmut at mail.ru>:
> >>
> >> Hi!
> >> Do you have ipset installed correctly? You need a kernel module and an
> admin program called ipset. You first need to create your ipsets using this
> program (man ipset). Only then you can use them in dnsmasq. You can check
> if the IP set was created correctly by issuing ipset -l gfwlist (or another
> name).
> >> But I think you are missing the basic ipset support in your system. You
> should have got an error creating the empty IP sets, though...
> >>
> >> On Feb 15, 2014 6:50 PM, "Punk[D.M]" <punkdm at gmail.com> wrote:
> >> >
> >> > After i compile a ASUS RT-N56U/N65U/N14U custom firmware 3.X.3.7-079
> by Padavan(https://code.google.com/p/rt-n56u/) with HAVE_IPSET on
> kernel-3.0.x (or kernel-3.4.x),
> >> >
> >> >
> >> > reboot the router and i got this error in log:
> >> >
> >> > dnsmasq[515]:failed to create IPset control socket: Protocol not
> supported
> >> >
> >> > and dnsmasq failed to start.
> >> >
> >> > I had some ipset setting in dnsmasq config:
> >> >
> >> >
> >> >
> >> > ipset=/youtube.com/gfwlist
> >> >
> >> > ipset=/twitter.com/gfwlist
> >> >
> >> > ...etc
> >> >
> >> > Any suggest with this? Thanks!
> >> >
> >> >
> >> >
> >> > Sorry my english!
> >> >
> >> >
> >> >
> >> >
> >> >
> >> _______________________________________________
> >> Dnsmasq-discuss mailing list
> >> Dnsmasq-discuss at lists.thekelleys.org.uk
> >> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
> >
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20140216/7fb3a7fd/attachment-0001.html>
More information about the Dnsmasq-discuss
mailing list