From 6a138324d2c8a9164e4bf138a3e3eafe20800957 Mon Sep 17 00:00:00 2001 From: Vadim Vetrov Date: Tue, 29 Apr 2025 23:35:55 +0300 Subject: [PATCH] Mention kernel modules in troubleshooting #247 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d7ec045..9a9532c 100644 --- a/README.md +++ b/README.md @@ -358,7 +358,7 @@ Where you have to replace 192.168.. with ip of your television. *EPERM* may occur in a lot of places but generally here are two: *mnl_cb_run* and when sending the packet via *rawsocket* (raw_frags_send and send fake sni). -- **mnl_cb_run** *Operation not permitted* indicates that another instance of youtubeUnblock is running on the specified queue-num. +- **mnl_cb_run** *Operation not permitted* indicates the problem in establishing netfilter queue. This may occur due to various reasons, but two the most common reasons are: issues in nfqueue kernel modules and another instance of youtubeUnblock running with the same queue-num. For first issue, check up your kernel modules installed and running. On OpenWRT you might forgot to install the dependencies (#openwrt-pre-configuration)[#openwrt-pre-configuration]. For second issue check up running youtubeUnblock instances via `ps -e | grep youtubeUnblock`. If you found some, you may kill them all via `killall youtubeUnblock`. - **rawsocket** *Operation not permitted* indicates that the packet is being dropped by nefilter rules. In fact this is a hint from the kernel that something wrong is going on and we should check the firewall rules. Before dive into the problem let's make it clean how the mangled packets are being sent. Nefilter queue provides us with the ability to mangle the packet on fly but that is not suitable for this program because we need to split the packet to at least two independent packets. So we are using [linux raw sockets](https://man7.org/linux/man-pages/man7/raw.7.html) which allows us to send any ipv4 packet. **The packet goes from the OUTPUT chain even when NFQUEUE is set up on FORWARD (suitable for OpenWRT).** So we need to escape packet rejects here. * raw_frags_send EPERM: just make sure outgoing traffic is allowed (RELATED,ESTABLISHED should work, if not, go to step 3)