Sorry, forgot to reply all On Fri, Feb 11, 2022 at 11:09 AM Wenli Looi <[email protected]> wrote: > > Hi Rui, > > Yes, I believe it still works. Every place where fw3_has_table is > called, we check immediately after if fw3_ipt_open succeeds, which > makes fw3_has_table superfluous? > > I added a few print statements to fw3_ipt_open to check the case you > mentioned: > > root@OpenWrt:~# fw3 restart 2>/dev/null > fw3_ipt_open SUCCESS for v4 filter > fw3_ipt_open SUCCESS for v4 nat > fw3_ipt_open SUCCESS for v4 mangle > fw3_ipt_open FAILED for v4 raw > fw3_ipt_open FAILED for v6 filter > fw3_ipt_open FAILED for v6 nat > fw3_ipt_open FAILED for v6 mangle > fw3_ipt_open FAILED for v6 raw > fw3_ipt_open SUCCESS for v4 filter > fw3_ipt_open SUCCESS for v4 nat > fw3_ipt_open SUCCESS for v4 mangle > fw3_ipt_open FAILED for v4 raw > fw3_ipt_open FAILED for v6 filter > fw3_ipt_open FAILED for v6 nat > fw3_ipt_open FAILED for v6 mangle > fw3_ipt_open FAILED for v6 raw > root@OpenWrt:~# opkg install kmod-ipt-raw > Installing kmod-ipt-raw (5.10.96-1) to root... > Downloading > https://downloads.openwrt.org/snapshots/targets/x86/64/kmods/5.10.96-1-d70ff298d8114a0df4de3fc8fa861191/kmod-ipt-raw_5.10.96-1_x86_64.ipk > Configuring kmod-ipt-raw. > root@OpenWrt:~# fw3 restart 2>/dev/null > fw3_ipt_open SUCCESS for v4 filter > fw3_ipt_open SUCCESS for v4 nat > fw3_ipt_open SUCCESS for v4 mangle > fw3_ipt_open SUCCESS for v4 raw > fw3_ipt_open FAILED for v6 filter > fw3_ipt_open FAILED for v6 nat > fw3_ipt_open FAILED for v6 mangle > fw3_ipt_open FAILED for v6 raw > fw3_ipt_open SUCCESS for v4 filter > fw3_ipt_open SUCCESS for v4 nat > fw3_ipt_open SUCCESS for v4 mangle > fw3_ipt_open SUCCESS for v4 raw > fw3_ipt_open FAILED for v6 filter > fw3_ipt_open FAILED for v6 nat > fw3_ipt_open FAILED for v6 mangle > fw3_ipt_open FAILED for v6 raw > > Thanks! > Wenli > > On Fri, Feb 11, 2022 at 1:04 AM Rui Salvaterra <[email protected]> wrote: > > > > Hi, Wenli, > > > > On Thu, 10 Feb 2022 at 19:19, Wenli Looi <[email protected]> wrote: > > > > > > Hi Rui and Ansuel, > > > > > > Can you take a look at this patch I sent a while ago for firewall3? I > > > think it is a better solution for the problem in kernel 5.15+ that is > > > identified here. > > > > > > http://lists.openwrt.org/pipermail/openwrt-devel/2022-January/037534.html > > > > > > Note that Ansuel's commit also seems to fix the problem with > > > LXC/LXD/Docker, because poking the table with fw3_ipt_open makes it > > > show up in ip_tables_names under Linux containers. However, as stated > > > in the commit, I don't think we need to check ip_tables_names at all? > > > > [patch snipped] > > > > Does this still work when a table missing from the system? In other > > words, when a table is compiled as a module, available in an > > installable kernel package, but not installed in the system by default > > (as is the case for the raw table in the kmod-ipt-raw package)? That's > > the point of fw3_has_table, to check if a table exists in the system > > before using it. > > > > Thanks, > > Rui
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
