Modify

Opened 3 years ago

Closed 3 years ago

#19308 closed defect (fixed)

ar71xx/mikrotik: xt_conntrack: cannot load conntrack support for proto=2

Reported by: joaochainho@… Owned by: developers
Priority: normal Milestone:
Component: packages Version: Trunk
Keywords: Cc:

Description

Arch: ar71xx
Device: Mikrotik RB750UP
Revision: Trunk r44995
Kernel: 3.18.9

Hi,
I'm getting these strange errors.

[   18.170000] device eth0 entered promiscuous mode
[   18.170000] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
[   18.240000] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[   19.120000] xt_conntrack: cannot load conntrack support for proto=2  <--
[   21.150000] eth1: link up (100Mbps/Full duplex)
[   21.150000] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
[   25.370000] cannot load conntrack support for proto=2                <--
[   25.430000] cannot load conntrack support for proto=2                <--
[   27.290000] xt_conntrack: cannot load conntrack support for proto=2  <--
[   79.590000] random: nonblocking pool is initialized

Tried a clean build with no luck.

'fw3' commands also output errors.

Here's 'fw3 restart' output,

 * Flushing IPv4 filter table
 * Flushing IPv4 mangle table
 * Flushing IPv4 raw table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing IPv6 raw table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Zone 'lan'
   * Zone 'wan'
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Forward 'lan' -> 'wan'
[  291.880000] xt_conntrack: cannot load conntrack support for proto=2
Warning: iptc_commit(): Protocol wrong type for socket
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 raw table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 filter table
   * Zone 'lan'
   * Zone 'wan'
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Forward 'lan' -> 'wan'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 raw table
   * Zone 'lan'
   * Zone 'wan'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'

and 'fw3 reload'.

 * Clearing IPv4 filter table
 * Clearing IPv4 mangle table
 * Clearing IPv4 raw table
 * Populating IPv4 filter table
   * Zone 'lan'
Warning: fw3_ipt_rule_append(): Can't find target 'input_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'ou[  303.560000] xt_conntrack: cannot load conntrack support for proto=2
tput_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'forwarding_lan_rule'
   * Zone 'wan'
Warning: fw3_ipt_rule_append(): Can't find target 'input_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'output_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'forwarding_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'input_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'output_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'forwarding_rule'
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Forward 'lan' -> 'wan'
Warning: iptc_commit(): Protocol wrong type for socket
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 raw table
   * Zone 'lan'
   * Zone 'wan'
 * Clearing IPv6 filter table
 * Clearing IPv6 mangle table
 * Clearing IPv6 raw table
 * Populating IPv6 filter table
   * Zone 'lan'
   * Zone 'wan'
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Forward 'lan' -> 'wan'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 raw table
   * Zone 'lan'
   * Zone 'wan'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on

I can provide more info or do further testing if needed.
TIA

Attachments (0)

Change History (4)

comment:1 Changed 3 years ago by joaochainho@…

Meanwhile I found something more about the problem.

root@OpenWrt:/# insmod nf_conntrack_ipv4
[ 1917.810000] nf_conntrack_ipv4: Unknown symbol nf_defrag_ipv4_enable (err 0)
failed to insert /lib/modules/3.18.9/nf_conntrack_ipv4.ko

root@OpenWrt:/etc/modules.d# cat nf-conntrack
nf_conntrack
nf_conntrack_rtcache
nf_defrag_ipv4
nf_conntrack_ipv4

root@OpenWrt:/etc/modules.d# insmod nf_conntrack
module is already loaded - nf_conntrack
root@OpenWrt:/etc/modules.d# insmod nf_conntrack_rtcache
module is already loaded - nf_conntrack_rtcache
root@OpenWrt:/etc/modules.d# insmod nf_defrag_ipv4
root@OpenWrt:/etc/modules.d# insmod nf_conntrack_ipv4

It seems that the 'insmod nf_defrag_ipv4' didn't load during boot, thus preventing 'nf_conntrack_ipv4' from loading.
'fw3' commands now run fine.
Any clue on this?
BTW I'm running a clean build/clean install.

TIA

comment:2 Changed 3 years ago by joaochainho@…

Looking deeper into the problem, I found that there are more unloaded modules,

  • xt_connlimit
  • xt_id
  • iptable_nat
  • nf_defrag_ipv4
  • nf_conntrack_ipv4

and that there are duplicates on '/etc/modules.d/ipt-nat'.
It seems that there are some modules being loaded out of order.

root@OpenWrt:/# cat /etc/modules.d/ipt-nat 
xt_nat
xt_nat
iptable_nat
iptable_nat
ipt_MASQUERADE
nf_nat_masquerade_ipv4
xt_REDIRECT

------------------------------

root@OpenWrt:/etc/modules.d# ls *ip*t* nf*
42-ip6tables          ipt-ipopt             nf-ipt
49-ipt-ipset          ipt-nat               nf-ipt6
ipt-conntrack         nf-conntrack          nf-ipt6
ipt-conntrack-extra   nf-conntrack-netlink  nf-nat
ipt-core              nf-conntrack6         nfnetlink
ipt-filter            nf-ipt

------------------------------

root@OpenWrt:/etc/modules.d# for m in `cat *ip*t* nf*`; do echo "-> Inserting $m..."; insmod $m; done
-> Inserting ip6table_filter...
module is already loaded - ip6table_filter
-> Inserting ip6table_mangle...
module is already loaded - ip6table_mangle
-> Inserting ip6table_raw...
module is already loaded - ip6table_raw
-> Inserting nf_log_ipv6...
module is already loaded - nf_log_ipv6
-> Inserting ip6t_REJECT...
module is already loaded - ip6t_REJECT
-> Inserting nf_reject_ipv6...
module is already loaded - nf_reject_ipv6
-> Inserting ip_set...
module is already loaded - ip_set
-> Inserting ip_set_bitmap_ip...
module is already loaded - ip_set_bitmap_ip
-> Inserting ip_set_bitmap_ipmac...
module is already loaded - ip_set_bitmap_ipmac
-> Inserting ip_set_bitmap_port...
module is already loaded - ip_set_bitmap_port
-> Inserting ip_set_hash_ip...
module is already loaded - ip_set_hash_ip
-> Inserting ip_set_hash_ipmark...
module is already loaded - ip_set_hash_ipmark
-> Inserting ip_set_hash_ipport...
module is already loaded - ip_set_hash_ipport
-> Inserting ip_set_hash_ipportip...
module is already loaded - ip_set_hash_ipportip
-> Inserting ip_set_hash_ipportnet...
module is already loaded - ip_set_hash_ipportnet
-> Inserting ip_set_hash_mac...
module is already loaded - ip_set_hash_mac
-> Inserting ip_set_hash_netportnet...
module is already loaded - ip_set_hash_netportnet
-> Inserting ip_set_hash_net...
module is already loaded - ip_set_hash_net
-> Inserting ip_set_hash_netnet...
module is already loaded - ip_set_hash_netnet
-> Inserting ip_set_hash_netport...
module is already loaded - ip_set_hash_netport
-> Inserting ip_set_hash_netiface...
module is already loaded - ip_set_hash_netiface
-> Inserting ip_set_list_set...
module is already loaded - ip_set_list_set
-> Inserting xt_set...
module is already loaded - xt_set
-> Inserting xt_state...
module is already loaded - xt_state
-> Inserting iptable_raw...
module is already loaded - iptable_raw
-> Inserting xt_CT...
module is already loaded - xt_CT
-> Inserting xt_conntrack...
module is already loaded - xt_conntrack
-> Inserting xt_connbytes...
module is already loaded - xt_connbytes
-> Inserting xt_connlimit...									<-- NOT LOADED
-> Inserting xt_connmark...
module is already loaded - xt_connmark
-> Inserting xt_helper...
module is already loaded - xt_helper
-> Inserting xt_recent...
module is already loaded - xt_recent
-> Inserting xt_tcpudp...
module is already loaded - xt_tcpudp
-> Inserting iptable_filter...
module is already loaded - iptable_filter
-> Inserting iptable_mangle...
module is already loaded - iptable_mangle
-> Inserting xt_limit...
module is already loaded - xt_limit
-> Inserting xt_mac...
module is already loaded - xt_mac
-> Inserting xt_multiport...
module is already loaded - xt_multiport
-> Inserting xt_comment...
module is already loaded - xt_comment
-> Inserting xt_id...											<-- NOT LOADED
-> Inserting xt_LOG...
module is already loaded - xt_LOG
-> Inserting nf_log_common...
module is already loaded - nf_log_common
-> Inserting nf_log_ipv4...
module is already loaded - nf_log_ipv4
-> Inserting xt_TCPMSS...
module is already loaded - xt_TCPMSS
-> Inserting ipt_REJECT...
module is already loaded - ipt_REJECT
-> Inserting nf_reject_ipv4...
module is already loaded - nf_reject_ipv4
-> Inserting xt_time...
module is already loaded - xt_time
-> Inserting xt_mark...
module is already loaded - xt_mark
-> Inserting xt_string...
module is already loaded - xt_string
-> Inserting xt_dscp...
module is already loaded - xt_dscp
-> Inserting xt_DSCP...
module is already loaded - xt_DSCP
-> Inserting xt_length...
module is already loaded - xt_length
-> Inserting xt_statistic...
module is already loaded - xt_statistic
-> Inserting xt_tcpmss...
module is already loaded - xt_tcpmss
-> Inserting xt_CLASSIFY...
module is already loaded - xt_CLASSIFY
-> Inserting ipt_ECN...
module is already loaded - ipt_ECN
-> Inserting xt_ecn...
module is already loaded - xt_ecn
-> Inserting xt_hl...
module is already loaded - xt_hl
-> Inserting xt_HL...
module is already loaded - xt_HL
-> Inserting xt_nat...
module is already loaded - xt_nat
-> Inserting xt_nat...
module is already loaded - xt_nat
-> Inserting iptable_nat...										<-- NOT LOADED
[  120.800000] iptable_nat: Unknown symbol nf_nat_ipv4_fn (err 0)
[  120.810000] iptable_nat: Unknown symbol nf_nat_ipv4_local_fn (err 0)
[  120.820000] iptable_nat: Unknown symbol nf_nat_ipv4_out (err 0)
[  120.820000] iptable_nat: Unknown symbol nf_nat_ipv4_in (err 0)
failed to insert /lib/modules/3.18.9/iptable_nat.ko
-> Inserting iptable_nat...						<-- NOT LOADED
[  120.840000] iptable_nat: Unknown symbol nf_nat_ipv4_fn (err 0)
[  120.850000] iptable_nat: Unknown symbol nf_nat_ipv4_local_fn (err 0)
[  120.850000] iptable_nat: Unknown symbol nf_nat_ipv4_out (err 0)
[  120.860000] iptable_nat: Unknown symbol nf_nat_ipv4_in (err 0)
failed to insert /lib/modules/3.18.9/iptable_nat.ko
-> Inserting ipt_MASQUERADE...
module is already loaded - ipt_MASQUERADE
-> Inserting nf_nat_masquerade_ipv4...
module is already loaded - nf_nat_masquerade_ipv4
-> Inserting xt_REDIRECT...
module is already loaded - xt_REDIRECT
-> Inserting ip_tables...
module is already loaded - ip_tables
-> Inserting x_tables...
module is already loaded - x_tables
-> Inserting ip6_tables...
module is already loaded - ip6_tables
-> Inserting nf_conntrack...
module is already loaded - nf_conntrack
-> Inserting nf_conntrack_rtcache...
module is already loaded - nf_conntrack_rtcache
-> Inserting nf_defrag_ipv4...									<-- NOT LOADED
-> Inserting nf_conntrack_ipv4...								<-- NOT LOADED
-> Inserting nf_conntrack_netlink...
module is already loaded - nf_conntrack_netlink
-> Inserting nf_defrag_ipv6...
module is already loaded - nf_defrag_ipv6
-> Inserting nf_conntrack_ipv6...
module is already loaded - nf_conntrack_ipv6
-> Inserting ip_tables...
module is already loaded - ip_tables
-> Inserting x_tables...
module is already loaded - x_tables
-> Inserting ip6_tables...
module is already loaded - ip6_tables
-> Inserting nf_nat...
module is already loaded - nf_nat
-> Inserting nf_nat_ipv4...
-> Inserting nfnetlink...
module is already loaded - nfnetlink

comment:3 Changed 3 years ago by joaochainho@…

Hi,
The problem seems to be fixed on latest trunk (r45353).
I think the ticket can be closed.

comment:4 Changed 3 years ago by nbd

  • Resolution set to fixed
  • Status changed from new to closed

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.