Bug 13971

Summary: ip6tables-nft build does not include MASQUERADE target options
Product: buildroot Reporter: mbuil
Component: Other Assignee: unassigned
Status: RESOLVED FIXED    
Severity: normal CC: buildroot
Priority: P5    
Version: 2021.02.3   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Host: Target:
Build:

Description mbuil 2021-07-08 15:49:05 UTC
I added the bug into the attached file because I was having trouble explaining the bug in the Description field.
Comment 1 Thomas Petazzoni 2021-11-02 20:13:07 UTC
*** Bug 13936 has been marked as a duplicate of this bug. ***
Comment 2 Thomas Petazzoni 2021-11-02 20:13:11 UTC
*** Bug 13941 has been marked as a duplicate of this bug. ***
Comment 3 Thomas Petazzoni 2021-11-02 20:13:17 UTC
*** Bug 13946 has been marked as a duplicate of this bug. ***
Comment 4 Thomas Petazzoni 2021-11-02 20:13:20 UTC
*** Bug 13951 has been marked as a duplicate of this bug. ***
Comment 5 Thomas Petazzoni 2021-11-02 20:13:23 UTC
*** Bug 13956 has been marked as a duplicate of this bug. ***
Comment 6 Thomas Petazzoni 2021-11-02 20:13:26 UTC
*** Bug 13961 has been marked as a duplicate of this bug. ***
Comment 7 Thomas Petazzoni 2021-11-02 20:13:30 UTC
*** Bug 13966 has been marked as a duplicate of this bug. ***
Comment 8 Andrei Gherghescu 2022-03-15 11:50:05 UTC
(In reply to mbuil from comment #0)

Can you provide the Linux kernel config and a board config you used for this? I could try to reproduce, but I don't know what exactly your configuration was.
Comment 9 Peter Seiderer 2022-03-15 20:59:11 UTC
Re-add bug description from one of the duplicates:

> From mbuil@suse.com 2021-07-08 15:27:37 UTC
>
> Since 1.6, iptables supports the MASQUERADE target options:
>
> MASQUERADE target options:
>  --to-ports <port>[-<port>]
>                               Port (range) to map to.
>  --random
>                               Randomize source port.
>  --random-fully
>                               Fully randomize source port.
>
> When building iptables-nft, the MASQUERADE target options are included in the iptables-nft binary, however, they are not in the ip6tables-nft:
>
> $> sudo ./output/target/usr/sbin/iptables-nft -A POSTROUTING -s 10.244.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE --help | grep random
>  --random
>  --random-fully
>                               Fully randomize source port.
> $> sudo ./output/target/usr/sbin/ip6tables-nft -A POSTROUTING -s 10.244.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE --help | grep random
> $>
>
> Those targets come from the files libipt_MASQUERADE.c and libip6t_MASQUERADE.c in https://git.netfilter.org/iptables/tree/extensions but for some reason the ip6 one does not get included in the binary.
Comment 10 Peter Seiderer 2022-03-15 21:03:23 UTC
(In reply to Peter Seiderer from comment #9)

Not reproducible here (raspberrypi0w_defconfig with glibc, gcc-11.x, eudev):

$ ip6tables-nft -A POSTROUTING -s 10.244.0.0/16 ! -d 224.0.0.0/4 -j MASQUERADE --help
ip6tables v1.8.7
[...]
MASQUERADE target options:
 --to-ports <port>[-<port>]
				Port (range) to map to.
 --random
				Randomize source port.
 --random-fully
				Fully randomize source port.
Comment 11 mbuil 2022-03-17 08:08:45 UTC
Hey, thanks! A colleague of mine fixed this some months ago.
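
A regression check for the defect described in comment 9, as an added example that is not part of the bug thread and is not Buildroot or iptables code: it parses `-j MASQUERADE --help` output and reports which of the three options quoted in the description are absent. The function names and the script name are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Buildroot or iptables code): verify that a binary's
# "-j MASQUERADE --help" text lists the options named in the bug description.

EXPECTED_MASQ_OPTS="--to-ports --random --random-fully"

# Print the option names listed under "MASQUERADE target options:" (stdin).
masq_opts() {
    awk '
        /^MASQUERADE target options:/ { in_sec = 1; next }
        in_sec && /^[^ \t]/           { in_sec = 0 }   # next heading ends the section
        in_sec && /^[ \t]+--/         { print $1 }
    '
}

# Print expected options missing from help text on stdin; status 1 if any.
missing_masq_opts() {
    found=$(masq_opts)
    missing=""
    for opt in $EXPECTED_MASQ_OPTS; do
        printf '%s\n' "$found" | grep -qxF -e "$opt" || missing="$missing $opt"
    done
    if [ -n "$missing" ]; then
        printf '%s\n' "${missing# }"
        return 1
    fi
    return 0
}

# Run the check against a built binary, e.g. output/target/usr/sbin/ip6tables-nft.
check_binary() {
    if lost=$("$1" -j MASQUERADE --help 2>&1 | missing_masq_opts); then
        echo "OK   $1"
    else
        echo "FAIL $1: missing ${lost:-all MASQUERADE options}"
        return 1
    fi
}

# Usage: sh check_masq.sh <binary>...   (script name is hypothetical)
rc=0
for bin in "$@"; do
    check_binary "$bin" || rc=1
done
[ "$#" -eq 0 ] || exit "$rc"
```

Passing both `iptables-nft` and `ip6tables-nft` from `output/target/usr/sbin/` makes the asymmetry reported in this bug show up as one `OK` line and one `FAIL` line.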