Page MenuHomeVyOS Platform
Create Task
Maniphest T3290

Disabling GRE conntrack module fails
Closed, ResolvedPublicBUG
Actions

Description

As of Linux kernel 5.0, nf_nat_proto_gre is gone and nf_conntrack_proto_gre is built-in to the kernel (no longer a module). Consequently, trying to disable the GRE conntack module fails:

vyos@vyos:~$ configure
[edit]
vyos@vyos# set system conntrack modules pptp disable
[edit]
vyos@vyos# set system conntrack modules gre disable
[edit]
vyos@vyos# commit
[ system conntrack hash-size 32768 ]
Updated conntrack hash size. This change will take affect when the system is rebooted.

[ system conntrack modules gre disable ]
rmmod: ERROR: Module nf_nat_proto_gre is not currently loaded
rmmod: ERROR: Module nf_conntrack_proto_gre is not currently loaded

[[system conntrack]] failed
Commit failed
[edit]
vyos@vyos# exit discard
exit
vyos@vyos:~$ show version

Version:          VyOS 1.3-beta-202102040443
Release Train:    equuleus

Built by:         autobuild@vyos.net
Built on:         Thu 04 Feb 2021 04:43 UTC
Build UUID:       d3d7fa63-efaf-435f-9d02-a171a8ecf96b
Build Commit ID:  e5b0cc71295acd

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:     
Hardware UUID:    d0204c55-cfc3-47a0-bc5b-459efcb76ba8

Copyright:        VyOS maintainers and contributors

As it is no longer possible to disable GRE connection tracking at runtime, the configuration node should be removed.

Details

Version
1.3-beta-202102040443
Is it a breaking change?
Perfectly compatible

Related Objects

Event Timeline

stepler created this task.Feb 5 2021, 3:52 PM
Viacheslav changed the task status from Open to Confirmed.Feb 5 2021, 4:17 PM
Viacheslav triaged this task as Normal priority.
Viacheslav edited a custom field.
Viacheslav changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
Viacheslav claimed this task.Feb 5 2021, 4:53 PM
Viacheslav subscribed.

PR
https://github.com/vyos/vyatta-conntrack/pull/2

Viacheslav removed Viacheslav as the assignee of this task.Feb 10 2021, 9:24 PM
stepler changed the task status from Confirmed to In progress.Feb 11 2021, 1:36 AM
stepler claimed this task.
stepler added a comment.Feb 11 2021, 3:26 AM

PR https://github.com/vyos/vyatta-conntrack/pull/3
PR https://github.com/vyos/vyatta-cfg-firewall/pull/20
PR https://github.com/vyos/vyos-1x/pull/730

Restricted Repository Identity mentioned this in rVYOSONEX14247c27c144: Merge pull request #730 from bstepler/T3290.Feb 11 2021, 7:53 AM
stepler mentioned this in rVYOSONEX91130ca7c386: conntrack: T3290: remove references to removed GRE plugins.Feb 11 2021, 7:53 AM
stepler added a comment.Feb 15 2021, 4:22 PM

PR https://github.com/vyos/vyatta-cfg-firewall/pull/20 is still pending to clean up the following log entry:

Feb 15 16:20:48 vyos modprobe: FATAL: Module nf_nat_proto_gre not found in directory /lib/modules/5.10.14-amd64-vyos
stepler closed this task as Unknown Status.Feb 16 2021, 10:50 PM

Looks good on 1.4-rolling-202102162107 (including migration from self-built 1.2.0-rolling+202102162120).

Viacheslav reopened this task as Needs testing.Feb 22 2021, 10:48 AM
Viacheslav closed this task as Unknown Status.Feb 22 2021, 11:09 AM
stepler added a subscriber: dmbaturin.Mar 15 2021, 8:16 PM

@dmbaturin, don't forget to backport the other two PRs to 1.3:
https://github.com/vyos/vyatta-cfg-firewall/pull/20
https://github.com/vyos/vyos-1x/pull/730

c-po mentioned this in rVYOSONEXee2db552acc7: conntrack: T3290: remove references to removed GRE plugins.Apr 20 2021, 5:37 PM
pasik subscribed.Apr 21 2021, 7:33 AM
stepler changed the task status from Unknown Status to Resolved.Apr 23 2021, 6:54 PM

Looks good on 1.3-rolling-202104220921 (including migration from 1.2.7).

c-po moved this task from Open to Finished on the VyOS 1.4 Sagitta board.May 24 2021, 7:40 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Nov 6 2021, 11:43 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:16 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.