Received: from MAILRELAY-RZ.hafenthal.de (gw1.hafenthal.de [212.185.86.82])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 14F69780EC8
	for <~alpine/users@lists.alpinelinux.org>; Thu, 11 Mar 2021 19:11:35 +0000 (UTC)
Received: from MAILRELAY-RZ (localhost [127.0.0.1])
	by MAILRELAY-RZ.hafenthal.de (Postfix) with ESMTP id 6F789160FD7
	for <~alpine/users@lists.alpinelinux.org>; Thu, 11 Mar 2021 19:11:34 +0000 (UTC)
Received: from localhost (127.0.0.1)
 by MAILRELAY-RZ (F-Secure/fsigk_smtp/550/MAILRELAY-RZ);
 Thu, 11 Mar 2021 19:11:34 +0000 (UTC)
X-Virus-Status: clean(F-Secure/fsigk_smtp/550/MAILRELAY-RZ)
Received: from GROUPWARE-S18.hafenthal.de (GROUPWARE-S18.hafenthal.de [10.18.8.20])
	by gw1.hafenthal.de (Postfix) with ESMTPS id 57444160FC4
	for <~alpine/users@lists.alpinelinux.org>; Thu, 11 Mar 2021 19:11:34 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by GROUPWARE-S18.hafenthal.de (Postfix) with ESMTP id BBEDA20264
	for <~alpine/users@lists.alpinelinux.org>; Thu, 11 Mar 2021 20:11:33 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at GROUPWARE-S18.hafenthal.de
Received: from GROUPWARE-S18.hafenthal.de ([IPv6:::1])
	by localhost (groupware-s18.hafenthal.de [IPv6:::1]) (amavisd-new, port 10041)
	with ESMTP id w18iYKLQFoYM for <~alpine/users@lists.alpinelinux.org>;
	Thu, 11 Mar 2021 20:11:32 +0100 (CET)
Received: from [10.18.16.35] (DTR15.hafenthal.de [10.18.16.35])
	by GROUPWARE-S18.hafenthal.de (Postfix) with ESMTPSA id 5753420200
	for <~alpine/users@lists.alpinelinux.org>; Thu, 11 Mar 2021 20:11:32 +0100 (CET)
To: ~alpine/users@lists.alpinelinux.org
From: Stefan Hartmann <stefanh@hafenthal.de>
Subject: nftables nft_objref.ko missing ct helper "set" not possible
Organization: =?UTF-8?Q?Ingenieurb=c3=bcro_Hartmann?=
Message-ID: <291ae3b7-89b7-114a-3bbb-8dee54463b7d@hafenthal.de>
Date: Thu, 11 Mar 2021 20:11:32 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.7.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: de-DE
Content-Transfer-Encoding: 7bit

Hi,

I am using nftables on different x86_64 physical hardware installations 
with the wonderful Alpine Linux.

Now I want to use the nftables SIP conntrack helper to open the related 
RTP connections to the ITSP.

When I am trying to assign the helper with "set", eg for testing 
purposes with

"add rule ip TABLE4 CHAIN4 tcp dport 5060 counter ct helper set 
"sip-tcp-5060" accept"

there appears the error message "Error: Could not process rule: No such 
file or directory".


On Devuan, Debian this is working.
I noticed that on these distros there is a kernel module nft_objref.ko, 
that is missing in Alpine x86_64!
If I blacklist this module on Devuan, then the same error appears.

Interestingly this kernel module is included in the alpine linux-rpi2, 
but not in x86_64.

The helper modules are all present in x86_64, eg nf_conntrack_sip.ko, 
but are not usable, when I am right.

I ask here if someone stumbled over the same issue?
Or is there a workaround - other than recompile the kernel with this 
module enabled.
Are there specific considerations not to enable it in x86_64 but in arm?


-- 
Thanks,
Stefan Hartmann