Page MenuHomeVyOS Platform
Create Task
Maniphest T5598

unknown parameter 'nf_conntrack_helper' ignored
Closed, ResolvedPublicBUG
Actions

Description

VyOS config:

set system conntrack ignore ipv4 rule 10 destination port '22'
set system conntrack ignore ipv4 rule 10 protocol 'tcp'
set system conntrack ignore ipv4 rule 10 tcp flags syn
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system sysctl parameter net.netfilter.nf_conntrack_tcp_loose value '0'

I found log in dmesg:

vyos@r4# sudo dmesg -T | grep ignor
[Tue Sep 19 17:09:04 2023] nf_conntrack: unknown parameter 'nf_conntrack_helper' ignored
[edit]
vyos@r4#

It seems sysctl conntrack helper was removed here https://github.com/torvalds/linux/commit/b118509076b39cc5e616c0680312b5caaca535fe

One place where I find it in our code is https://github.com/vyos/vyos-1x/blob/38cab26959ded78a737db2272fe25106a2de47b0/data/templates/conntrack/vyos_nf_conntrack.conf.j2#L2

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.5-rolling-202309170024+
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

Viacheslav created this task.Sep 19 2023, 2:34 PM
sarthurdev changed the task status from Open to Confirmed.Sep 21 2023, 9:49 AM
sarthurdev claimed this task.
sarthurdev added a subscriber: sarthurdev.

This is likely also the issue causing T5376

We will need to update the conntrack conf script to set helpers/rules for each enabled module.

pasik added a subscriber: pasik.Sep 21 2023, 10:19 AM
sarthurdev changed the task status from Confirmed to Needs testing.Sep 24 2023, 11:44 AM
sarthurdev moved this task from Need Triage to In Progress on the VyOS 1.5 Circinus board.

PR: https://github.com/vyos/vyos-1x/pull/2304

sarthurdev closed this task as Resolved.Oct 26 2023, 12:36 PM
sarthurdev moved this task from In Progress to Finished on the VyOS 1.5 Circinus board.