主页 / unix / 问题 / 780570
Accepted
parsley72
Asked: 2024-07-22 12:18:55 +0800 CST

如何通过 Wifi 共享 LTE 调制解调器互联网?

  • 772

我已经使用 NetworkManager/ModemManager 设置了我的 LTE 调制解调器,并且运行正常。我还使用 DHCP 在 NetworkManager 中将 Wifi 设置为接入点。

但是我如何通过 Wifi 共享 LTE 调制解调器互联网访问?我已启用 IP 转发 ( echo 1 > /proc/sys/net/ipv4/ip_forward),还有什么?

# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:12946 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12946 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1297231 (1.2 MiB)  TX bytes:1297231 (1.2 MiB)

wlan0     Link encap:Ethernet  HWaddr E8:4F:25:DD:BD:51
          inet addr:10.42.0.1  Bcast:10.42.0.255  Mask:255.255.255.0
          inet6 addr: fe80::ea4f:25ff:fedd:bd51/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:12101 (11.8 KiB)

wwan0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:100.72.254.176  P-t-P:100.72.254.176  Mask:255.255.255.224
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1808 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2176 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:356293 (347.9 KiB)  TX bytes:261384 (255.2 KiB)

# ip route
default via 100.72.254.177 dev wwan0  metric 700
10.42.0.0/24 dev wlan0 scope link  src 10.42.0.1  metric 600
100.72.254.160/27 dev wwan0 scope link  src 100.72.254.176  metric 700

Wifi 的 DHCP 由 NetworkManager 启动 dnsmasq 使用默认参数完成:

# ps -eF | grep dnsmasq
nobody      1104     606  0  1285  2444   0 09:05 ?        00:00:00 /usr/bin/dnsmasq --conf-file=/dev/null --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo --clear-on-reload --strict-order --listen-address=10.42.0.1 --dhcp-range=10.42.0.10,10.42.0.254,60m --dhcp-lease-max=50 --dhcp-leasefile=/var/lib/NetworkManager/dnsmasq-wlan0.leases --pid-file=/var/run/nm-dnsmasq-wlan0.pid --conf-dir=/etc/NetworkManager/dnsmasq-shared.d

参考NetworkManager 和 dnsmasq dhcp 地址范围)。

# cat /etc/NetworkManager/system-connections/ap.nmconnection
[connection]
id=ap
uuid=3205b229-8c4d-4766-8d63-bcd949d03321
type=wifi
autoconnect=false
interface-name=wlan0

[wifi]
band=bg
channel=1
mode=ap
ssid=MySSID

[wifi-security]
group=ccmp;
key-mgmt=wpa-psk
pairwise=ccmp;
proto=rsn;
psk=MyPSK

[ipv4]
method=shared

[ipv6]
addr-gen-mode=stable-privacy
method=ignore

[proxy]

一位同事建议使用https://github.com/oblique/create_ap。我尝试了 NAT 和桥接选项,但都失败了。

网络地址转换(NAT):

# create_ap -w 2 wlan0 wwan0 APTest 12345678
WARN: brmfmac driver doesn't work properly with virtual interfaces and
      it can cause kernel panic. For this reason we disallow virtual
      interfaces for your adapter.
      For more info: https://github.com/oblique/create_ap/issues/203
WARN: Your adapter does not fully support AP virtual interface, enabling --no-virt
Config dir: /tmp/create_ap.wlan0.conf.XX59Vdf8
PID: 537195
Network Manager found, set wlan0 as unmanaged device... [46988.754925] ieee80211 phy1: brcmf_set_pmk: failed to change PSK in firmware (len=0)
[46988.784848] ieee80211 phy1: brcmf_vif_set_mgmt_ie: vndr ie set error : -52
[46988.792027] ieee80211 phy1: brcmf_vif_set_mgmt_ie: vndr ie set error : -52
DONE
Sharing Internet using method: nat
iptables v1.8.7 (legacy): unknown option "--to-ports"
Try `iptables -h' or 'iptables --help' for more information.

Doing cleanup.. done

桥:

# create_ap -w 2 -m bridge wlan0 wwan0 APTest 12345678
WARN: brmfmac driver doesn't work properly with virtual interfaces and
      it can cause kernel panic. For this reason we disallow virtual
      interfaces for your adapter.
      For more info: https://github.com/oblique/create_ap/issues/203
WARN: Your adapter does not fully support AP virtual interface, enabling --no-virt
Config dir: /tmp/create_ap.wlan0.conf.XXgGPNON
PID: 540585
Network Manager found, set wlan0 as unmanaged device... DONE
Sharing Internet using method: bridge
Create a bridge interface... ip: RTNETLINK answers: Operation not supported
networkmanager

2 个回答

  1. 对于 IPv4,您需要的部分包括:

    • 访问 WiFi 接入点(您有)
    • IPv4 转发(您已启用)
    • 配置好的 WAN 设备(您有)
    • WIFI 接入点和 WAN 之间的 NAT(您没有提到它)。

    什么是 NAT 以及为什么需要它?

    互联网上的所有 IP 地址均在IANA上注册(以块为单位) 。互联网本身会为每个注册的 IP 地址(块)组织路由,因此 IP 地址本身便会告诉每个路由器将数据包转发到何处。

    但是您的本地网络 IP 地址(您的情况是 10.42.0.x)未在 IANA 注册,互联网路由器不知道如何找到您。无论如何,您都不拥有该地址,但它被保留给任何人使用。

    网络地址转换将传出数据包上的本地 IP 地址与路由器自己的 [公共] IP 地址进行交换,以便互联网上的服务器看到路由器的公共 IP 地址,而不是设备的本地网络 IP 地址。然后,路由器对传入数据包进行反向交换,然后再将它们发送回本地设备。

    使用 iptables 设置 NAT

    不要忘记您可能需要sudo并且不要忘记 iptables 通常不会在重启时保存。有关如何在 Ubuntu 中保留 iptables 规则的说明可在此处找到:https://askubuntu.com/questions/84781/iptables-resets-when-server-reboots

    iptables 规则:

    iptables -t nat -A POSTROUTING -i wlan0 -o wwan0 -j MASQUERADE
    • 1
  2. Best Answer

    按照https://community.unix.com/t/iptables-v1-8-7-nf-tables-unknown-option-to-ports/385377/7,我将其添加strace到我的设备:

    # strace iptables -A OUTPUT -m owner --uid 0
execve("/usr/sbin/iptables", ["iptables", "-A", "OUTPUT", "-m", "owner", "--uid", "0"], 0x7ffa7423d0 /* 29 vars */) = 0
brk(NULL)                               = 0x55a5afa000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8502f000
faccessat(AT_FDCWD, "/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=32961, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 32961, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f85026000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/libip4tc.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=31152, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 160296, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84fd1000
mmap(0x7f84fe0000, 94760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f84fe0000
munmap(0x7f84fd1000, 61440)             = 0
munmap(0x7f84ff8000, 552)               = 0
mprotect(0x7f84fe7000, 61440, PROT_NONE) = 0
mmap(0x7f84ff6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f84ff6000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/libip6tc.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=31152, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 160296, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84fb8000
mmap(0x7f84fc0000, 94760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f84fc0000
munmap(0x7f84fb8000, 32768)             = 0
munmap(0x7f84fd8000, 29224)             = 0
mprotect(0x7f84fc7000, 61440, PROT_NONE) = 0
mmap(0x7f84fd6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f84fd6000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/libxtables.so.12", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=59304, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 199720, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84f8f000
mmap(0x7f84f90000, 134184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f84f90000
munmap(0x7f84f8f000, 4096)              = 0
munmap(0x7f84fb1000, 60456)             = 0
mprotect(0x7f84f9e000, 61440, PROT_NONE) = 0
mmap(0x7f84fad000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd000) = 0x7f84fad000
mmap(0x7f84faf000, 7208, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f84faf000
close(3)                                = 0
openat(AT_FDCWD, "/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0@\264\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0/\267c\324\361R\25\177\n\177\26\327\322\277\4\211"..., 68, 768) = 68
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1630088, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 1805328, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84dd7000
mmap(0x7f84de0000, 1739792, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f84de0000
munmap(0x7f84dd7000, 36864)             = 0
munmap(0x7f84f89000, 27664)             = 0
mprotect(0x7f84f68000, 61440, PROT_NONE) = 0
mmap(0x7f84f77000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x187000) = 0x7f84f77000
mmap(0x7f84f7d000, 48144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f84f7d000
close(3)                                = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f85024000
set_tid_address(0x7f850240f0)           = 25050
set_robust_list(0x7f85024100, 24)       = 0
rseq(0x7f850247c0, 0x20, 0, 0xd428bc00) = 0
mprotect(0x7f84f77000, 12288, PROT_READ) = 0
mprotect(0x7f84fad000, 4096, PROT_READ) = 0
mprotect(0x7f84fd6000, 4096, PROT_READ) = 0
mprotect(0x7f84ff6000, 4096, PROT_READ) = 0
mprotect(0x557a8bc000, 4096, PROT_READ) = 0
mprotect(0x7f85033000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7f85026000, 32961)             = 0
newfstatat(AT_FDCWD, "/usr/lib/xtables/libipt_owner.so", 0x7fdac3dc78, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/xtables/libxt_owner.so", {st_mode=S_IFREG|0755, st_size=18904, ...}, 0) = 0
getrandom("\x89\xee\xcc\x55\xdc\x6d\x75\xd8", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55a5afa000
brk(0x55a5b1b000)                       = 0x55a5b1b000
openat(AT_FDCWD, "/usr/lib/xtables/libxt_owner.so", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=18904, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 148048, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f84dbb000
mmap(0x7f84dc0000, 82512, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7f84dc0000
munmap(0x7f84dbb000, 20480)             = 0
munmap(0x7f84dd5000, 41552)             = 0
mprotect(0x7f84dc3000, 65536, PROT_NONE) = 0
mmap(0x7f84dd3000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f84dd3000
close(3)                                = 0
mprotect(0x7f84dd3000, 4096, PROT_READ) = 0
socket(AF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
newfstatat(AT_FDCWD, "/proc/net/ip_tables_names", {st_mode=S_IFREG|0440, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
statfs("/proc/net/ip_tables_names", {f_type=PROC_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, 0x7fdac3db68, [30]) = -1 ENOENT (No such file or directory)
close(3)                                = 0
socket(AF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, 0x7fdac3db68, [30]) = -1 ENOENT (No such file or directory)
close(3)                                = 0
write(2, "iptables v1.8.7 (legacy): ", 26iptables v1.8.7 (legacy): ) = 26
write(2, "Couldn't load match `owner':No s"..., 54Couldn't load match `owner':No such file or directory
) = 54
write(2, "\n", 1
)                       = 1
write(2, "Try `iptables -h' or 'iptables -"..., 61Try `iptables -h' or 'iptables --help' for more information.
) = 61
exit_group(2)                           = ?
+++ exited with 2 +++

    看起来我们缺少了/usr/lib/xtables/libipt_owner.so。https ://forums.gentoo.org/viewtopic-t-754259-start-0.html表明这需要CONFIG_NETFILTER_XT_MATCH_OWNER=m所以我尝试了:

    # iptables -A OUTPUT -m owner --uid 0

    有趣的是,在工作命令上运行时,strace发生变化的行是getsockopt从:

    newfstatat(AT_FDCWD, "/proc/net/ip_tables_names", {st_mode=S_IFREG|0440, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
statfs("/proc/net/ip_tables_names", {f_type=PROC_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, 0x7fdac3db68, [30]) = -1 ENOENT (No such file or directory)

    到:

    newfstatat(AT_FDCWD, "/proc/net/ip_tables_names", {st_mode=S_IFREG|0440, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
statfs("/proc/net/ip_tables_names", {f_type=PROC_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, "owner\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1", [30]) = 0

    NAT 仍然失败,因此再次尝试 {{strace}}:

    # strace iptables -w -t nat -I PREROUTING -s 192.168.12.0/24 -d 192.168.12.1 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 5353
execve("/usr/sbin/iptables", ["iptables", "-w", "-t", "nat", "-I", "PREROUTING", "-s", "192.168.12.0/24", "-d", "192.168.12.1", "-p", "tcp", "-m", "tcp", "--dport", "53", "-j", "REDIRECT", "--to-ports", "5353"], 0x7ff90c7de8 /* 29 vars */) = 0
brk(NULL)                               = 0x55b6039000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4e97000
faccessat(AT_FDCWD, "/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=32961, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 32961, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fb4e8e000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/libip4tc.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=31152, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 160296, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4e39000
mmap(0x7fb4e40000, 94760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4e40000
munmap(0x7fb4e39000, 28672)             = 0
munmap(0x7fb4e58000, 33320)             = 0
mprotect(0x7fb4e47000, 61440, PROT_NONE) = 0
mmap(0x7fb4e56000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7fb4e56000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/libip6tc.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=31152, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 160296, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4e18000
mmap(0x7fb4e20000, 94760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4e20000
munmap(0x7fb4e18000, 32768)             = 0
munmap(0x7fb4e38000, 29224)             = 0
mprotect(0x7fb4e27000, 61440, PROT_NONE) = 0
mmap(0x7fb4e36000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7fb4e36000
close(3)                                = 0
openat(AT_FDCWD, "/usr/lib/libxtables.so.12", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=59304, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 199720, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4def000
mmap(0x7fb4df0000, 134184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4df0000
munmap(0x7fb4def000, 4096)              = 0
munmap(0x7fb4e11000, 60456)             = 0
mprotect(0x7fb4dfe000, 61440, PROT_NONE) = 0
mmap(0x7fb4e0d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd000) = 0x7fb4e0d000
mmap(0x7fb4e0f000, 7208, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb4e0f000
close(3)                                = 0
openat(AT_FDCWD, "/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0@\264\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0/\267c\324\361R\25\177\n\177\26\327\322\277\4\211"..., 68, 768) = 68
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1630088, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 1805328, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4c37000
mmap(0x7fb4c40000, 1739792, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4c40000
munmap(0x7fb4c37000, 36864)             = 0
munmap(0x7fb4de9000, 27664)             = 0
mprotect(0x7fb4dc8000, 61440, PROT_NONE) = 0
mmap(0x7fb4dd7000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x187000) = 0x7fb4dd7000
mmap(0x7fb4ddd000, 48144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fb4ddd000
close(3)                                = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4e8c000
set_tid_address(0x7fb4e8c0f0)           = 83953
set_robust_list(0x7fb4e8c100, 24)       = 0
rseq(0x7fb4e8c7c0, 0x20, 0, 0xd428bc00) = 0
mprotect(0x7fb4dd7000, 12288, PROT_READ) = 0
mprotect(0x7fb4e0d000, 4096, PROT_READ) = 0
mprotect(0x7fb4e36000, 4096, PROT_READ) = 0
mprotect(0x7fb4e56000, 4096, PROT_READ) = 0
mprotect(0x558371f000, 4096, PROT_READ) = 0
mprotect(0x7fb4e9b000, 8192, PROT_READ) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
munmap(0x7fb4e8e000, 32961)             = 0
getrandom("\xfa\xf8\xa1\x00\x5e\xc6\xd6\x38", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55b6039000
brk(0x55b605a000)                       = 0x55b605a000
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=482, ...}, 0) = 0
newfstatat(AT_FDCWD, "/", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=482, ...}, AT_EMPTY_PATH) = 0
read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 482
read(3, "", 4096)                       = 0
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=482, ...}, AT_EMPTY_PATH) = 0
close(3)                                = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=32961, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 32961, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fb4e8e000
close(3)                                = 0
openat(AT_FDCWD, "/lib/tls/aarch64/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/tls/aarch64", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/tls/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/tls", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/aarch64/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/aarch64", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/tls/aarch64/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/tls/aarch64", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/tls/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/tls", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/aarch64/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/aarch64", 0x7fe4e67730, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/libnss_db.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib", {st_mode=S_IFDIR|0755, st_size=32768, ...}, 0) = 0
munmap(0x7fb4e8e000, 32961)             = 0
openat(AT_FDCWD, "/etc/protocols", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=2932, ...}, AT_EMPTY_PATH) = 0
lseek(3, 0, SEEK_SET)                   = 0
read(3, "# Internet (IP) protocols\n#\n# Up"..., 4096) = 2932
close(3)                                = 0
newfstatat(AT_FDCWD, "/usr/lib/xtables/libipt_tcp.so", 0x7fe4e68508, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/xtables/libxt_tcp.so", {st_mode=S_IFREG|0755, st_size=14424, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/xtables/libxt_tcp.so", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=14424, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 143568, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4c1c000
mmap(0x7fb4c20000, 78032, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4c20000
munmap(0x7fb4c1c000, 16384)             = 0
munmap(0x7fb4c34000, 45264)             = 0
mprotect(0x7fb4c23000, 61440, PROT_NONE) = 0
mmap(0x7fb4c32000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fb4c32000
close(3)                                = 0
mprotect(0x7fb4c32000, 4096, PROT_READ) = 0
socket(AF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
newfstatat(AT_FDCWD, "/proc/net/ip_tables_names", {st_mode=S_IFREG|0440, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0
statfs("/proc/net/ip_tables_names", {f_type=PROC_SUPER_MAGIC, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={val=[0, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_MATCH, "tcp\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", [30]) = 0
close(3)                                = 0
newfstatat(AT_FDCWD, "/usr/lib/xtables/libipt_REDIRECT.so", {st_mode=S_IFREG|0755, st_size=10344, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/xtables/libipt_REDIRECT.so", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\0\0\0\0\0\0\0\0"..., 832) = 832
newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=10344, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 139480, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb4bfd000
mmap(0x7fb4c00000, 73944, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = 0x7fb4c00000
munmap(0x7fb4bfd000, 12288)             = 0
munmap(0x7fb4c13000, 49368)             = 0
mprotect(0x7fb4c02000, 61440, PROT_NONE) = 0
mmap(0x7fb4c11000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7fb4c11000
close(3)                                = 0
mprotect(0x7fb4c11000, 4096, PROT_READ) = 0
socket(AF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
getsockopt(3, SOL_IP, IPT_SO_GET_REVISION_TARGET, 0x7fe4e683e8, [30]) = -1 ENOENT (No such file or directory)
close(3)                                = 0
write(2, "iptables v1.8.7 (legacy): ", 26iptables v1.8.7 (legacy): ) = 26
write(2, "unknown option \"--to-ports\"", 27unknown option "--to-ports") = 27
write(2, "\n", 1
)                       = 1
write(2, "Try `iptables -h' or 'iptables -"..., 61Try `iptables -h' or 'iptables --help' for more information.
) = 61
exit_group(2)                           = ?
+++ exited with 2 +++

    之前我们在 时失败了IPT_SO_GET_REVISION_MATCH,现在 是IPT_SO_GET_REVISION_TARGET。我在 Linux v5.4.238 源代码中查找了它的用法: https://elixir.bootlin.com/linux/v5.4.238/C/ident/IPT_SO_GET_REVISION_TARGET 它们用于相同的函数。我还注意到,如果你在没有 的情况下运行,--to-ports你会得到:

    # iptables -w -t nat -I PREROUTING -s 192.168.12.0/24 -d 192.168.12.1 -p tcp -m tcp --dport 53 -j REDIRECT
iptables v1.8.7 (legacy): Couldn't load target `REDIRECT':No such file or directory

    So if adding CONFIG_NETFILTER_XT_MATCH_OWNER fixed IPT_SO_GET_REVISION_MATCH, would adding CONFIG_NETFILTER_XT_TARGET_REDIRECT fix IPT_SO_GET_REVISION_TARGET?

    Yes it does, NAT method now works.

    • 0

相关问题