[Dnsmasq-discuss] Compile with HAVE_IPSET on kernel 3.0.x problem

Punk[D.M] punkdm at gmail.com
Sun Feb 16 06:51:55 UTC 2014


This is my modules loaded:

[RT-N56U:/opt/home/admin]$ lsmod
Module                  Size  Used by
xt_set                  4800  1
ip_set_list_set         7408  0
ip_set_bitmap_ip        6720  0
ip_set_hash_net        21056  0
ip_set_hash_ip         16432  1
ip_set                 21904  5
xt_set,ip_set_list_set,ip_set_bitmap_ip,ip_set_hash_net,ip_set_hash_ip
nfnetlink               1904  1 ip_set
hw_nat                 36368  0
nf_nat_ftp              1152  0
nf_conntrack_ftp        5072  1 nf_nat_ftp
usblp                   9552  0
ext4                  275504  2
jbd2                   50944  1 ext4
mbcache                 4272  1 ext4
rt3090_ap             604400  0
usb_storage            30912  3
rt2860v2_ap           620896  0
ohci_hcd               15776  0
ehci_hcd               34000  0


2014-02-16 5:56 GMT+08:00 Hartmut Krafft <hartmut at mail.ru>:

> I don't have such raw sockets here and the ipset works regardless.
> Did you check that the modules are installed?
>
> $ lsmod
> Module                  Size  Used by
> xt_set                  5293  2
> iptable_filter          1492  0
> ip_set_hash_ip         15967  1
> ip_set                 25709  2 ip_set_hash_ip,xt_set
> nfnetlink               5128  2 ip_set
> xt_tcpudp               2094  2
> xt_REDIRECT             1664  1
> xt_LOG                 11752  0
> iptable_nat             2551  1
> nf_conntrack_ipv4      12913  1
> nf_defrag_ipv4          1342  1 nf_conntrack_ipv4
> nf_nat_ipv4             3574  1 iptable_nat
> nf_nat                 16548  3 nf_nat_ipv4,xt_REDIRECT,iptable_nat
> nf_conntrack           84374  4
> nf_nat,nf_nat_ipv4,iptable_nat,nf_conntrack_ipv4
> ip_tables              11577  2 iptable_filter,iptable_nat
> x_tables               17000  6
> ip_tables,xt_tcpudp,xt_LOG,xt_set,iptable_filter,xt_REDIRECT
>
> On Feb 15, 2014 9:41 PM, "Punk[D.M]" <punkdm at gmail.com> wrote:
> >
> > Yes, i am sure the ipset main function is working:
> >
> > [RT-N56U:/opt/home/admin]$ ipset -H
> > ipset v6.19
> > .......
> >
> > and:
> >
> > [RT-N56U:/opt/home/admin]$ ipset -L gfwlist
> > Name: gfwlist
> > Type: hash:ip
> > Revision: 1
> > Header: family inet hashsize 1024 maxelem 65536
> > Size in memory: 8264
> > References: 1
> > Members:
> >
> > I found something, but i'm not sure it is worse to think:
> >
> > On my other router that running Tomato firmware(ipset v4.5 and Linux
> kernel 2.6.22.19), ipset with dnsmasq working fine, from netstat -lnp , i
> can see dnsmasq have a RAW Proto standing:
> >
> > udp        0      0 0.0.0.0:43000           0.0.0.0:*
> 5590/eapd
> > raw        0      0 0.0.0.0:255             0.0.0.0:*
> 7           12439/dnsmasq
> > raw        0      0 0.0.0.0:255             0.0.0.0:*
> 7           16777/pppd
> > raw        0      0 0.0.0.0:255             0.0.0.0:*
> 7           4011/socat
> > raw        0      0 0.0.0.0:255             0.0.0.0:*
> 7           1231/ss-local
> >
> > but on this RT-N56U system, none of RAW exist:
> >
> > udp        0      0 192.168.1.1:138         0.0.0.0:*
> 673/nmbd
> > udp        0      0 0.0.0.0:138             0.0.0.0:*
> 673/nmbd
> > udp        0      0 192.168.1.1:48066       0.0.0.0:*
> 544/miniupnpd
> > Active UNIX domain sockets (only servers)
> > Proto RefCnt Flags       Type       State         I-Node PID/Program
> name    Path
> > unix  2      [ ACC ]     STREAM     LISTENING     973
> 786/pdnsd           /var/cache/pdnsd/pdnsd.status
> >
> > I pay attention to the RAW because i found the error string from ipset.c
> next section:
> >
> >   if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW,
> IPPROTO_RAW)) != -1)
> >     return;
> >
> >   if (!old_kernel &&
> >       (buffer = safe_malloc(BUFF_SZ)) &&
> >       (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) !=
> -1 &&
> >       (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1))
> >     return;
> >
> >   die (_("failed to create IPset control socket: %s"), NULL, EC_MISC);
> >
> > It is about RAW check or something? I am a total novice of C language...
> >
> > It's first time i use mail list, it's right to reply all?
> >
> >
> > 2014-02-16 2:58 GMT+08:00 Hartmut Krafft <hartmut at mail.ru>:
> >>
> >> Hi!
> >> Do you have ipset installed correctly? You need a kernel module and an
> admin program called ipset. You first need to create your ipsets using this
> program (man ipset). Only then you can use them in dnsmasq. You can check
> if the IP set was created correctly by issuing ipset -l gfwlist (or another
> name).
> >> But I think you are missing the basic ipset support in your system. You
> should have got an error creating the empty IP sets, though...
> >>
> >> On Feb 15, 2014 6:50 PM, "Punk[D.M]" <punkdm at gmail.com> wrote:
> >> >
> >> > After i compile a ASUS RT-N56U/N65U/N14U custom firmware 3.X.3.7-079
> by Padavan(https://code.google.com/p/rt-n56u/) with HAVE_IPSET on
> kernel-3.0.x (or kernel-3.4.x),
> >> >
> >> >
> >> > reboot the router and i got this error in log:
> >> >
> >> > dnsmasq[515]:failed to create IPset control socket: Protocol not
> supported
> >> >
> >> > and dnsmasq failed to start.
> >> >
> >> > I had some ipset setting in dnsmasq config:
> >> >
> >> >
> >> >
> >> > ipset=/youtube.com/gfwlist
> >> >
> >> > ipset=/twitter.com/gfwlist
> >> >
> >> > ...etc
> >> >
> >> > Any suggest with this? Thanks!
> >> >
> >> >
> >> >
> >> > Sorry my english!
> >> >
> >> >
> >> >
> >> >
> >> >
> >> _______________________________________________
> >> Dnsmasq-discuss mailing list
> >> Dnsmasq-discuss at lists.thekelleys.org.uk
> >> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
> >
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20140216/7fb3a7fd/attachment-0001.html>


More information about the Dnsmasq-discuss mailing list