~alpine/users

nftables nft_objref.ko missing ct helper "set" not possible

Stefan Hartmann <stefanh@hafenthal.de>
Details
Message ID
<291ae3b7-89b7-114a-3bbb-8dee54463b7d@hafenthal.de>
DKIM signature
missing
Download raw message
3 years ago 
Hi,

I am using nftables on different x86_64 physical hardware installations 
with the wonderful Alpine Linux.

Now I want to use the nftables SIP conntrack helper to open the related 
RTP connections to the ITSP.

When I am trying to assign the helper with "set", eg for testing 
purposes with

"add rule ip TABLE4 CHAIN4 tcp dport 5060 counter ct helper set 
"sip-tcp-5060" accept"

there appears the error message "Error: Could not process rule: No such 
file or directory".


On Devuan, Debian this is working.
I noticed that on these distros there is a kernel module nft_objref.ko, 
that is missing in Alpine x86_64!
If I blacklist this module on Devuan, then the same error appears.

Interestingly this kernel module is included in the alpine linux-rpi2, 
but not in x86_64.

The helper modules are all present in x86_64, eg nf_conntrack_sip.ko, 
but are not usable, when I am right.

I ask here if someone stumbled over the same issue?
Or is there a workaround - other than recompile the kernel with this 
module enabled.
Are there specific considerations not to enable it in x86_64 but in arm?


-- 
Thanks,
Stefan Hartmann
Reply to thread Export thread (mbox)