Add a new kernel module during the compilation

Discussion in 'Tomato Firmware' started by Obitwo, Apr 26, 2018.

  1. Obitwo

    Obitwo New Member Member

    Hello all,

    After several days of pain to compile my first custom firmware based on Advanced Tomato, I'm trying to fix an issue that require the module NETFILTER_XT_MATCH_CONNTRACK which is currently disable in the kernel.

    I've made a make menuconfig, enabled the module and saved the configuration, but it seems that my option is overrides during the compilation process.

    Somebody knows where modifying the configuration file for the kernel options ?

    Thanks
     
  2. koitsu

    koitsu Network Guru Member

    Below I am talking about Toastman-ARM branch, and/or kille72 (not a branch); MIPS is slightly different pathname-wise but the process is the same.

    TomatoUSB is not a Linux distro for desktop or server. Do not use make menuconfig. It is not done this way.

    Below is a general "brain dump", in no particular order.

    You might need to get familiar with the Makefiles and the targets within them that actually modify portions of the text Linux kernel configuration file pertaining to the feature you need. If you aren't familiar with GNU make, you may experience trouble, but you might get lucky and just have to edit config_base.

    I would start by skimming release/src-rt-6.x.4708/Makefile. Look for things like CONFIG_ and you will see what I'm talking about. There are a lot of conditionals involved based on different features and firmware build types (IPv6 inclusion vs. USB vs. UPS support vs. 64KB NVRAM vs. 128KB NVRAM etc.). The declared pseudo-function (used via $(call)) is called KernelConfig. There are other CONFIG_xxx variables used *not* for kernel-config-related things, so it's very easy to get lost.

    The results end up in release/src-rt-6.x.4708/linux/linux-2.6.36/config_base, which is the kernel configuration file. Sometimes you can just edit this file directly and make the change you need and it just works. It depends on what you're trying to add/change, though -- as review of the aforementioned Makefile will teach you.

    I've looked at config_base for you. XT_MATCH_CONNTRACK is already enabled, at least in Toastman-ARM:

    Code:
    .../release/src-rt-6.x.4708/linux/linux-2.6.36 (Toastman-ARM) $ grep ^CONFIG_NETFILTER_XT_MATCH_CONN config_base
    CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
    CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
    CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
    CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
    
    You can see here it's enabled statically in the kernel (=y) and not as a module (=m). There are reasons for this, the most common of which is that people have run into problems in the past with modprobe and/or iptables (esp. the latter) not loading netfilter kernel modules despite them being there on disk. We don't know why this happens, but when it does it causes threads like this one to happen and confuses end users. By including them statically all of these pains are alleviated. Here are some examples I've dealt with over the years:

    http://www.linksysinfo.org/index.php?threads/why-can’t-modprobe-xt_hl-work-in-init-script.74079/
    http://www.linksysinfo.org/index.php?threads/question-about-iptables-u32.72496/
    http://www.linksysinfo.org/index.php?threads/how-to-compile-module-in-tomato-r8000-router.73142/
    http://www.linksysinfo.org/index.php?threads/how-to-start-string-module.68679/

    In this case, you should just be able to edit config_base, change the relevant line to CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y, build the firmware, and it should just work. How do I know that? Because I've been here before (on MIPS anyway). If you have problems, I suggest talking with the Advanced Tomato folks directly, as their branch/firmware may have changed this process in some way.
     
    AndreDVJ likes this.
  3. Obitwo

    Obitwo New Member Member

    Hi koitsu,

    That was finally simple, so after updating the file, and clean and compile again, this definitely solve my problem !!

    For some reason, the AdvancedTomato missed this module, causing the multiWAN nonfunctional (iptables failed to apply).

    Thank you so much for your useful help.

    Olivier.
     
  4. koitsu

    koitsu Network Guru Member

    No problem. You should file a ticket or support request with the Advanced Tomato folks and ask them to change that single line so that it'll be solved for you next release, assuming the project is still active. It doesn't increase the size of the firmware much (I think maybe 4-8KBytes or so?).
     
  5. Sean B.

    Sean B. LI Guru Member

  6. Obitwo

    Obitwo New Member Member

    I made a pull request, but no answer for now. (https://github.com/Jackysi/advancedtomato/pull/409).

    The file size is going from 21.64Mb to 22.7Mb, but no causing any issue from my side. I'm not sure why it's more than 1MB more than the official one.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice