Building a kernel module for Raspberry Pi
Recently, i tried to use iptables for cgroup net_cls flow filter experiment on my raspberry pi 4B, but the Raspbian OS system has no xt_cgroup extension for iptables, as we all know raspbian OS is just a modified debian linux system, so building a netfilter kernel module should be quite simple just like building kernel modules for other linux systems.
But after reading the official Raspberry pi building guide, i found the official guide is too old and not to precise to do this task, so i think it will be interesting to write a guide for someone who wants to build a raspberry kernel module but encounter some errors or find it hard to do so.
After doing several building process and finally made a progress, i think it maybe useful to write down the whole process.
Before building a kernel module, you need to know the kernel version on your raspberry pi by using command
sudo apt search raspberrypi-kernel
it will show something like
raspberrypi-kernel/oldstable,now 1:1.20230405-1 arm64 [installed]
that means your raspberry pi kernel is a 64bit arm system and build on date 20230405, we can use those info to download the exact branch of kernel code on GitHub.
Since we know the kernel version info now, we need to get the kernel code on GitHub by using command
git clone --depth 1 --branch 1.20230405 https://github.com/raspberrypi/linux.git
sometimes we need to check the branch name by looking for tags on the raspberry/linux git repo and find the branch name you need or you will not able to download the precise kernel version and you will definitely not able to build a usable kernel module for your Pi.
After download the kernel code, the next step will be the building process, simply follow the official raspberry pi building guide. I'm using a Pi4 so the command is cd into the downloaded kernel code directory and use the command
KERNEL=kernel8
and then i'm cross building on a Ubuntu PC, so i use
make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- bcm2711_defconfig
then use
make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- menuconfig
to select the netfilter cgroup module, and then
make -j $(nproc) ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- modules
the whole process will be slow but it will be successful after a cup of coffee and some waitings.
The final step is to find the module named xt_cgroup.ko, it is located in './net/netfilter/' directory and named xt_cgroup.ko as expected, and we can copy this module to the Pi and use
insmod xt_cgroup.ko
if you are luck enough like me, no error is reported that means the module is successfully loaded into the kernel, we can check the module by command
lsmod | grep xt_cgroup
For more information, you can always find help from a GitHub guide written by someone else, the link is below.
262588213843476
