Error: syntax error, options must be specified before commands #218

Closed
Jayrgo opened this issue Apr 17, 2023 · 8 comments

@Jayrgo

Jayrgo commented Apr 17, 2023

I use nftables and get this error.

Error: syntax error, options must be specified before commands
nft add rule inet vopono_bridge forward iifname -*** oifname *** counter accept 
   ^                                            ~~

Error: Failed to add nftables bridge input accept rule, host_interface: -***, namespace interface: ***

$ vopono -V
vopono 0.10.5
@jamesmcm
Owner

I think the issue is the - at the start of the input interface name, can you check why it's there? Like what is the network interface you're using if you check ip addr for example?

@Jayrgo
Author

Jayrgo commented Apr 17, 2023

I don't know why it's there, I haven't looked at the source code.
My interfaces don't start with -.
sudo vopono -v exec --provider ProtonVPN --server netherlands-nl-free.ovpn <CMD>

Error: syntax error, options must be specified before commands
nft add rule inet vopono_bridge forward iifname -nl-free.ovpn_d oifname *** counter accept
   ^                                            ~~

@Jayrgo
Author

Jayrgo commented Apr 18, 2023

I think I've found the error:

let basename = &self.name[((self.name.len() as i32) - 13).max(0) as usize..self.name.len()];
https://github.com/jamesmcm/vopono/blob/0.10.5/vopono_core/src/network/netns.rs#L180

@jamesmcm
Owner

The relevant lines are:

sudo_command(&[
    "nft",
    "add",
    "rule",
    "inet",
    "vopono_bridge",
    "forward",
    "iifname",
    &host_interface.name,
    "oifname",
    &ns_interface.name,
    "counter",
    "accept",
])

Which uses the host_interface NetworkInterface name, set and logged here:

vopono/src/exec.rs

Lines 317 to 333 in 273461c

let interface: NetworkInterface = match interface {
    Some(x) => anyhow::Result::<NetworkInterface>::Ok(x),
    None => {
        let active_interfaces = get_active_interfaces()?;
        if active_interfaces.len() > 1 {
            warn!("Multiple network interfaces are active: {:#?}, consider specifying the interface with the -i argument. Using {}", &active_interfaces, &active_interfaces[0]);
        }
        Ok(
            NetworkInterface::new(
                active_interfaces
                    .into_iter()
                    .next()
                    .ok_or_else(|| anyhow!("No active network interface - consider overriding network interface selection with -i argument"))?,
        )?)
    }
}?;
debug!("Interface: {}", &interface.name);

It'd be really helpful if you could attach the full output with the -v flag and the network interface name it tries to use. It's most likely a bug in the parsing of active network interfaces from ip addr here:

pub fn get_active_interfaces() -> anyhow::Result<Vec<String>> {
    debug!("ip addr");
    let output = Command::new("ip")
        .arg("addr")
        .output()
        .with_context(|| "Failed to run command: ip addr".to_string())?
        .stdout;
    let out = std::str::from_utf8(&output)?
        .split('\n')
        .filter(|x| x.contains("state UP"))
        .map(|x| x.split_whitespace().nth(1))
        .filter(|x| x.is_some())
        .flatten()
        .map(|x| String::from(&x[..x.len() - 1]))
        .collect::<Vec<String>>();
    if !out.is_empty() {
        Ok(out)
    } else {
        Err(anyhow!("Failed to get active network interface - consider using -i argument to override network interface"))
    }
}

But it's hard to debug without knowing the actual interface names / ip addr output causing the issue.

@Jayrgo
Author

Jayrgo commented Apr 18, 2023

$ vopono -v exec --provider ProtonVPN --server netherlands-nl-free.ovpn <CMD>

 2023-04-18T18:02:36.564Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/***/.config
 2023-04-18T18:02:36.569Z WARN  vopono            > Could not parse PULSE_SERVER from pactl info output: Err(Could not parse pactl output!:
Server-Zeichenkette: /run/user/***/pulse/native
Bibliotheks-Protokollversion: 35
Server-Protokollversion: 35
ist lokal: ja
Client-Index: 78
Tile-Größe: 65472
Name des Benutzers: ***
Rechnername: ***
Name des Servers: pulseaudio
Version des Servers: 16.1
Standard-Abtastwert-Angabe: s16le 2ch 44100Hz
Standard-Kanal-Zuordnung: front-left,front-right
Standard-Ziel: alsa_output.***
Standard-Quelle: alsa_input.***
Cookie: ***
)
 2023-04-18T18:02:36.569Z INFO  vopono_core::util > Calling sudo for elevated privileges, current user will be used as default user
 2023-04-18T18:02:36.569Z DEBUG vopono_core::util > Args: ["vopono", "-v", "exec", "--provider", "ProtonVPN", "--server", "netherlands-nl-free.ovpn", "<CMD>"]
 2023-04-18T18:02:36.774Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/***/.config
 2023-04-18T18:02:36.779Z WARN  vopono            > Could not parse PULSE_SERVER from pactl info output: Err(Could not parse pactl output!:
)
 2023-04-18T18:02:36.779Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/***/.config
 2023-04-18T18:02:36.780Z DEBUG vopono_core::util > Existing namespaces: []
 2023-04-18T18:02:36.780Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/***/.config
 2023-04-18T18:02:36.780Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/***/.config
 2023-04-18T18:02:36.780Z DEBUG vopono::exec      > vopono config.toml: configuration property "firewall" not found
 2023-04-18T18:02:36.780Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_config" not found
 2023-04-18T18:02:36.780Z DEBUG vopono::exec      > vopono config.toml: configuration property "custom_netns_name" not found
 2023-04-18T18:02:36.780Z DEBUG vopono::exec      > vopono config.toml: configuration property "open_hosts" not found
 2023-04-18T18:02:36.780Z DEBUG vopono::exec      > vopono config.toml: configuration property "allow_host_access" not found
 2023-04-18T18:02:36.780Z DEBUG vopono::exec      > vopono config.toml: configuration property "postup" not found
 2023-04-18T18:02:36.780Z DEBUG vopono::exec      > vopono config.toml: configuration property "predown" not found
 2023-04-18T18:02:36.780Z DEBUG vopono::exec      > vopono config.toml: configuration property "user" not found
 2023-04-18T18:02:36.780Z DEBUG vopono::exec      > vopono config.toml: configuration property "group" not found
 2023-04-18T18:02:36.780Z DEBUG vopono::exec      > vopono config.toml: configuration property "working-directory" not found
 2023-04-18T18:02:36.780Z DEBUG vopono::exec      > vopono config.toml: configuration property "dns" not found
 2023-04-18T18:02:36.780Z DEBUG vopono::exec      > vopono config.toml: configuration property "protocol" not found
 2023-04-18T18:02:36.780Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/***/.config
 2023-04-18T18:02:36.780Z DEBUG vopono::exec      > vopono config.toml: configuration property "interface" not found
 2023-04-18T18:02:36.780Z DEBUG vopono_core::network::network_interface > ip addr
 2023-04-18T18:02:36.781Z DEBUG vopono::exec                            > Interface: eth0
 2023-04-18T18:02:36.781Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /home/***/.config
 2023-04-18T18:02:36.781Z INFO  vopono_core::util                       > Chosen config: /home/***/.config/vopono/proton/openvpn/netherlands-nl-free.ovpn
 2023-04-18T18:02:36.782Z DEBUG vopono_core::util                       > Existing namespaces: []
 2023-04-18T18:02:36.782Z DEBUG vopono_core::util                       > ip netns add vopono_proton_netherlands-nl-free.ovpn
 2023-04-18T18:02:36.784Z INFO  vopono_core::network::netns             > Created new network namespace: vopono_proton_netherlands-nl-free.ovpn
 2023-04-18T18:02:36.785Z DEBUG vopono_core::util                       > Existing interfaces: 
 2023-04-18T18:02:36.785Z DEBUG vopono_core::util                       > Assigned IPs: []
 2023-04-18T18:02:36.785Z DEBUG vopono_core::network::netns             > ip netns exec vopono_proton_netherlands-nl-free.ovpn ip addr add 127.0.0.1/8 dev lo
 2023-04-18T18:02:36.787Z DEBUG vopono_core::network::netns             > ip netns exec vopono_proton_netherlands-nl-free.ovpn ip link set lo up
STATE      CONNECTIVITY  WIFI-HW  WIFI       WWAN-HW  WWAN      
verbunden  vollständig   missing  aktiviert  missing  aktiviert 
 2023-04-18T18:02:36.803Z DEBUG vopono_core::network::veth_pair         > Detected NetworkManager running
 2023-04-18T18:02:36.803Z DEBUG vopono_core::network::veth_pair         > NetworkManager detected, adding -nl-free.ovpn_d to unmanaged devices
 2023-04-18T18:02:36.803Z DEBUG vopono_core::network::veth_pair         > Appending to existing NetworkManager config file: /etc/NetworkManager/conf.d/unmanaged.conf
 2023-04-18T18:02:36.803Z DEBUG vopono_core::util                       > nmcli connection reload
 2023-04-18T18:02:36.814Z DEBUG vopono_core::network::veth_pair         > firewalld not detected running
 2023-04-18T18:02:36.814Z DEBUG vopono_core::util                       > ip link add -nl-free.ovpn_d type veth peer name -nl-free.ovpn_s
 2023-04-18T18:02:36.816Z DEBUG vopono_core::util                       > ip link set -nl-free.ovpn_d up
 2023-04-18T18:02:36.818Z DEBUG vopono_core::util                       > ip link set -nl-free.ovpn_s netns vopono_proton_netherlands-nl-free.ovpn up
 2023-04-18T18:02:36.848Z DEBUG vopono_core::util                       > ip addr add 10.200.1.1/24 dev -nl-free.ovpn_d
 2023-04-18T18:02:36.850Z DEBUG vopono_core::network::netns             > ip netns exec vopono_proton_netherlands-nl-free.ovpn ip addr add 10.200.1.2/24 dev -nl-free.ovpn_s
 2023-04-18T18:02:36.853Z DEBUG vopono_core::network::netns             > ip netns exec vopono_proton_netherlands-nl-free.ovpn ip route add default via 10.200.1.1 dev -nl-free.ovpn_s
 2023-04-18T18:02:36.856Z INFO  vopono_core::network::netns             > IP address of namespace as seen from host: 10.200.1.2
 2023-04-18T18:02:36.857Z INFO  vopono_core::network::netns             > IP address of host as seen from namespace: 10.200.1.1
 2023-04-18T18:02:36.857Z DEBUG vopono_core::util                       > nft add table inet vopono_nat
 2023-04-18T18:02:36.858Z DEBUG vopono_core::util                       > nft add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }
 2023-04-18T18:02:36.861Z DEBUG vopono_core::util                       > nft add rule inet vopono_nat postrouting oifname eth0 ip saddr 10.200.1.0/24 counter masquerade
 2023-04-18T18:02:36.865Z DEBUG vopono_core::util                       > nft add table inet vopono_bridge
 2023-04-18T18:02:36.867Z DEBUG vopono_core::util                       > nft add chain inet vopono_bridge forward { type filter hook forward priority -10 ; }
 2023-04-18T18:02:36.869Z DEBUG vopono_core::util                       > nft add rule inet vopono_bridge forward iifname -nl-free.ovpn_d oifname eth0 counter accept
Error: syntax error, options must be specified before commands
nft add rule inet vopono_bridge forward iifname -nl-free.ovpn_d oifname eth0 counter accept 
   ^                                            ~~
 2023-04-18T18:02:36.871Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /home/***/.config
 2023-04-18T18:02:36.871Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /home/***/.config
 2023-04-18T18:02:36.871Z INFO  vopono_core::network::netns             > Shutting down vopono namespace - as there are no processes left running inside
 2023-04-18T18:02:36.871Z DEBUG vopono_core::util                       > ip link delete -nl-free.ovpn_d
 2023-04-18T18:02:36.898Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /home/***/.config
 2023-04-18T18:02:36.898Z DEBUG vopono_core::util                       > nmcli connection reload
 2023-04-18T18:02:36.911Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /home/***/.config
 2023-04-18T18:02:36.911Z DEBUG vopono_core::network::host_masquerade   > Remaining namespaces: Ok({})
 2023-04-18T18:02:36.911Z DEBUG vopono_core::util                       > nft delete table inet vopono_nat
 2023-04-18T18:02:36.914Z DEBUG vopono_core::util                       > ip netns delete vopono_proton_netherlands-nl-free.ovpn
Error: Failed to add nftables bridge input accept rule, host_interface: -nl-free.ovpn_d, namespace interface: eth0

Caused by:
    Command failed: nft add rule inet vopono_bridge forward iifname -nl-free.ovpn_d oifname eth0 counter accept

@jamesmcm
Owner

Thanks, as you mentioned it is the generated veth link name that is the issue. This is actually fixed in PR #214, sorry I forgot that wasn't released yet - but if you build from master it should be okay.

I'll try to do a release on the weekend, but I'd like to fix #201 too (but it requires creating a ProtonVPN Plus account again).

It'd also be good to ensure we strip out -s from the name even when it is less than 7 characters too which is easy to add there as well.
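The truncation discussed in this thread and the leading `-` it produces, as an added example that is neither vopono's code nor the fix from PR #214. The function names, the allowed character set and the stripping rule are assumptions chosen for illustration; only the 13-character tail and the namespace name come from the thread.

```rust
// Added illustration; every name here is hypothetical, not vopono's API.
const IFNAMSIZ_MAX: usize = 15; // Linux interface names hold at most 15 bytes
const BASE_LEN: usize = IFNAMSIZ_MAX - 2; // 13, leaving room for "_d" / "_s"

/// Behaviour of the quoted netns.rs line: keep the last 13 bytes as-is.
fn tail_basename(netns: &str) -> &str {
    &netns[netns.len().saturating_sub(BASE_LEN)..]
}

// Assumed allow-list for characters inside a generated interface name.
fn ok_char(c: char) -> bool {
    c.is_ascii_alphanumeric() || matches!(c, '-' | '_' | '.')
}

/// Hardened variant: restrict to the allow-list, take the tail, then drop
/// leading non-alphanumerics so the name can never be read as an option.
fn safe_basename(netns: &str) -> Option<String> {
    let cleaned: String = netns.chars().filter(|&c| ok_char(c)).collect();
    let start = cleaned.len().saturating_sub(BASE_LEN); // ASCII only: safe slice
    let tail = cleaned[start..].trim_start_matches(|c: char| !c.is_ascii_alphanumeric());
    if tail.is_empty() { None } else { Some(tail.to_string()) }
}

/// Last-line check before a name is placed into an argv for `ip` or `nft`.
fn is_safe_ifname(name: &str) -> bool {
    !name.is_empty()
        && name.len() <= IFNAMSIZ_MAX
        && name.starts_with(|c: char| c.is_ascii_alphanumeric())
        && name.chars().all(ok_char)
}

fn main() {
    // Namespace name taken from the verbose log in this issue.
    let ns = "vopono_proton_netherlands-nl-free.ovpn";
    let old = format!("{}_d", tail_basename(ns));
    println!("old: {old} safe={}", is_safe_ifname(&old));
    match safe_basename(ns) {
        Some(base) => {
            let new = format!("{base}_d");
            println!("new: {new} safe={}", is_safe_ifname(&new));
        }
        None => println!("no usable characters in namespace name"),
    }
}
```

Validating at the point where the argv is built catches the same problem for names that arrive by other routes, such as an interface passed with `-i`.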

@Jayrgo
Author

Jayrgo commented Apr 19, 2023

> but if you build from master it should be okay

I built from master and it's working, thank you

@jamesmcm
Owner

jamesmcm commented May 5, 2023

Fixed in 0.10.6 release - https://github.com/jamesmcm/vopono/releases/tag/0.10.6

@jamesmcm jamesmcm closed this as completed May 5, 2023