Netfilter not working on latest manjaro kernel

Netfilter not working on latest manjaro kernel - Printable Version

+- PINE64 (https://forum.pine64.org)
+-- Forum: PinePhone Pro (https://forum.pine64.org/forumdisplay.php?fid=177)
+--- Forum: PinePhone Pro Software (https://forum.pine64.org/forumdisplay.php?fid=179)
+--- Thread: Netfilter not working on latest manjaro kernel (/showthread.php?tid=17750)

Netfilter not working on latest manjaro kernel - robocone - 12-26-2022

When using netfilter on the latest manjaro for example, via wg-quick, it produces an error

Code:
# nft -f /dev/fd/63

netlink: Error: cache initialization failed: Invalid argument

I don't see any changes that stand out to me in the kernel configuration.

The nfnetlink module is loaded.

RE: Netfilter not working on latest manjaro kernel - robocone - 12-29-2022

I don't see any changes in the kernel config to do with netfilter. Googling the error comes up with this patch
https://yhbt.net/lore/netfilter-devel/20220718152100.591117-1-pablo@netfilter.org/T/
which suggests that the error may have been added recently.

To get around it I rebuilt the kernel and added just about everything in the netfilter section as modules

Code:
git clone https://gitlab.manjaro.org/manjaro-arm/packages/core/linux-pinephonepro

cd linux-pinephonepro

makepkg -so # -o to download and prepare only

# enter the source directory and edit the config. I used make menuconfig.

# return to the base directory and build and install the updated kernel

makepkg -sei # -e to skip prepare and go straight to build

Here are the extra modules that are loaded after the update

Quote:> xt_mark                16384 1
> nft_ct                 20480 2
> nft_fib_ipv4           16384 1
> nft_fib                16384 1 nft_fib_ipv4
> nf_tables             200704 17 nft_ct,nft_fib_ipv4,nft_fib
> nfnetlink              20480 1 nf_tables