Program does not start (Could not open socket to kernel: Address family not supported by protocol) #52
Hi jorik392! Could you launch it from a shell as root and post the output? For example: thank you!
Output ERROR: path=/usr/bin/ip6tables args=[-D INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass] err=exit status 1 out='Could not open socket to kernel: Address family not supported by protocol
Woah, on the one hand, we shouldn't exit if we cannot insert an ip6tables rule. I'll fix it ASAP. But on the other hand, the error suggests that your kernel does not support the IPv6 protocol. Can you post the output of the following command? or execute:
Running ip6tables -L ip6tables v1.8.5 (legacy): can't initialize ip6tables table `filter': Address family not supported by protocol
ok, thank you jorik392, I'll fix it soon.
Some systems have the IPv6 protocol disabled, so we failed starting up with the error "Address family not supported by protocol" (#52). Now we don't exit even if we can't insert the needed rules, we'll just log the error.
Thanks @gustavo-iniguez-goya, I tried latest commit and it looks like it is working now. Are there more fixes needed or should I close the issue? I have a few questions about the program if you could answer
yes, you can close the issue.
audit is more accurate than the other two. proc works just fine in my opinion, and I haven't used ftrace in ages.
The option is disabled by default because in some cases it generates a lot of popup dialogs to allow/deny connections. In my case for example, when coming back from hibernate and connecting to the network (but it has been mostly solved in v1.0.1). It's a bit annoying sometimes. The option to intercept "unknown" connections was added to alert the user about connections that don't have an associated PID. That situation may occur due to several reasons:
Activate it and see if it works for you.
That's the default action of the daemon. For example, if the GUI is not running and a new outgoing connection is about to be established, the default action will be applied. Or if you decide to uncheck the Intercept Unknown connections, those connections won't be displayed to the user and the default action of the daemon is applied.
Thanks for the answers. By more accurate do you mean audit provides more accurate information about connection or that it can intercept more connections generally?
I mean that there're more chances to get the process (PID) that created the connection.
I have installed the program using aur and it installs but the service does not start running. systemd load state is loaded but active state shows forever as activating and unit state is auto-restart.
systemd log shows some errors
ERROR: path=/usr/bin/ip6tables args=[-D INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass] err=exit status 1 out='Could not open socket to kernel: Address family not supported by protocol
ERROR: path=/usr/bin/iptables args=[-D OUTPUT -m mark --mark 101285 -j DROP] err=exit status 1 out='iptables: Bad rule (does a matching rule exist in that chain?).
ERROR: path=/usr/bin/iptables args=[-D OUTPUT -t mangle -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0 --queue-bypass] err=exit status 1 out='iptables: No chain/target/match by that name.
opensnitchd.service: Main process exited, code=exited, status=1/FAILURE
opensnitchd.service: Failed with result 'exit-code'.
I went through wiki and still could not get it running. Kernel is 5.4.
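The error lines quoted in this report can be triaged mechanically to separate cleanup noise from the IPv6 failure the thread identifies. The following Python script is an added example, not code from the project; the function name `triage`, the cause labels and the hints are assumptions made here, and the sample input is the log as quoted in this issue.

```python
import re

# Sample input: the daemon's error lines as quoted in this issue.
SAMPLE_LOG = """\
ERROR: path=/usr/bin/ip6tables args=[-D INPUT --protocol udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass] err=exit status 1 out='Could not open socket to kernel: Address family not supported by protocol
ERROR: path=/usr/bin/iptables args=[-D OUTPUT -m mark --mark 101285 -j DROP] err=exit status 1 out='iptables: Bad rule (does a matching rule exist in that chain?).
ERROR: path=/usr/bin/iptables args=[-D OUTPUT -t mangle -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0 --queue-bypass] err=exit status 1 out='iptables: No chain/target/match by that name.
"""

# Field layout of one logged line: path=<binary> args=[...] err=<status> out='<tool message>
LINE_RE = re.compile(
    r"ERROR: path=(?P<path>\S+) args=\[(?P<args>[^\]]*)\] err=(?P<err>.*?) out='(?P<out>.*)"
)

# (substring of the tool message, label, hint); labels and hints are this example's own.
CAUSES = [
    ("Address family not supported by protocol", "ipv6-unavailable",
     "kernel has no IPv6 support, so ip6tables rules cannot be installed"),
    ("Bad rule (does a matching rule exist", "rule-absent",
     "delete of a rule that is not present in the chain"),
    ("No chain/target/match by that name", "missing-extension",
     "a chain, target or match named in the rule is unavailable "
     "(commonly a kernel module that is not loaded)"),
]

def triage(log_text):
    """Parse each ERROR line and attach a probable cause to it."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a firewall-command error line
        args = m.group("args").split()
        cause, hint = "unclassified", "inspect the tool output manually"
        for needle, label, text in CAUSES:
            if needle in m.group("out"):
                cause, hint = label, text
                break
        findings.append({
            "tool": m.group("path").rsplit("/", 1)[-1],
            "action": "delete" if "-D" in args else "other",
            "cause": cause,
            "hint": hint,
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['tool']:10} {f['action']:7} {f['cause']:18} {f['hint']}")
```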