Re: Can't run meters example - "Could not process rule: Operation not supported"

Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx> · Wed, 18 Sep 2019 11:56:49 +0200

Hello Oscar,

On 9/18/19 11:41 AM, Oscar Muñoz Garrigós wrote:
> Hello,
> I'm trying to execute the example on
> (https://wiki.nftables.org/wiki-nftables/index.php/Meters) / Using
> meters:
> 
> nft add table my_filter_table
> nft add chain my_filter_table my_input_chain {type filter hook input
> priority 0\;}
> nft add set my_filter_table my_ssh_meter { type ipv4_addr\; flags dynamic \;}
> nft add rule my_filter_table my_input_chain tcp dport 22 ct state new
> add @my_ssh_meter { ip saddr limit rate 10/second } accept
> 
> I'm getting the error:
> Error: Could not process rule: Operation not supported
> add rule my_filter_table my_input_chain tcp dport 22 ct state new add
> @my_ssh_meter { ip saddr limit rate 10/second } accept
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 

That is working fine in my system.

table ip my_filter_table {
	set my_ssh_meter {
		type ipv4_addr
		size 65535
		flags dynamic
	}

	chain my_input_chain {
		type filter hook input priority filter; policy accept;
		tcp dport 22 ct state new add @my_ssh_meter { ip saddr limit rate
10/second } accept
	}
}

Have you checked that your installed kernel has all the necessary
modules enabled?

Thanks!

> The installation has been done from sources:
> 
> * Versions:
>   - gmp: 6.1.2
>   - readline: 8.0
>   - libnftnl: 1.1.4
>   - libmnl: 1.0.4
>   - nft: 0.9.2
> 
> * The configure script for nft returned:
>       nft configuration:
>         cli support:                            yes
>         enable debugging symbols:    yes
>         use mini-gmp:                       no
>         enable man page:                  yes
>         libxtables support:                 no
>         json output support:               no
>         enable Python:                      yes (with /usr/bin/python)
> 
> * I've also tried with different versions of nft (0.9.2, 0.9.1). 0.9.0
> gives me an error in the make process.
> * installation instructions:
> #  git checkout (version to install)
> #  ./autogen.sh && ./configure && make && make check && (sudo) make install
> 
> I've readed in previous mails[1] this code works, but I don't know
> what I'm doing wrong. ¿Does anyone have the same error? ¿Does anyone
> know if my error is related to not supporting mini-gmp or libxtables?
> 
> [1] https://marc.info/?l=netfilter&m=156508925816504&w=2
> 
> Cheers,
> Oscar
> 