Page MenuHomeVyOS Platform

Disabling GRE conntrack module fails
Backport candidate, NormalPublicBUG


As of Linux kernel 5.0, nf_nat_proto_gre is gone and nf_conntrack_proto_gre is built-in to the kernel (no longer a module). Consequently, trying to disable the GRE conntack module fails:

vyos@vyos:~$ configure
vyos@vyos# set system conntrack modules pptp disable
vyos@vyos# set system conntrack modules gre disable
vyos@vyos# commit
[ system conntrack hash-size 32768 ]
Updated conntrack hash size. This change will take affect when the system is rebooted.

[ system conntrack modules gre disable ]
rmmod: ERROR: Module nf_nat_proto_gre is not currently loaded
rmmod: ERROR: Module nf_conntrack_proto_gre is not currently loaded

[[system conntrack]] failed
Commit failed
vyos@vyos# exit discard
vyos@vyos:~$ show version

Version:          VyOS 1.3-beta-202102040443
Release Train:    equuleus

Built by:
Built on:         Thu 04 Feb 2021 04:43 UTC
Build UUID:       d3d7fa63-efaf-435f-9d02-a171a8ecf96b
Build Commit ID:  e5b0cc71295acd

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:     
Hardware UUID:    d0204c55-cfc3-47a0-bc5b-459efcb76ba8

Copyright:        VyOS maintainers and contributors

As it is no longer possible to disable GRE connection tracking at runtime, the configuration node should be removed.


Difficulty level
Easy (less than an hour)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Event Timeline

Viacheslav changed the task status from Open to Confirmed.Fri, Feb 5, 4:17 PM
Viacheslav triaged this task as Normal priority.
Viacheslav changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
Viacheslav changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
stepler changed the task status from Confirmed to In progress.Thu, Feb 11, 1:36 AM
stepler claimed this task.

PR is still pending to clean up the following log entry:

Feb 15 16:20:48 vyos modprobe: FATAL: Module nf_nat_proto_gre not found in directory /lib/modules/5.10.14-amd64-vyos
stepler changed the task status from In progress to Backport candidate.Tue, Feb 16, 10:50 PM

Looks good on 1.4-rolling-202102162107 (including migration from self-built 1.2.0-rolling+202102162120).

Viacheslav changed the task status from Backport candidate to Needs testing.Mon, Feb 22, 10:48 AM
Viacheslav changed the task status from Needs testing to Backport candidate.Mon, Feb 22, 11:09 AM