conntrack: generic helper won't handle protocol 47

mfoley · 03-05-2017, 04:17 PM

I have just installed new hardware: Intel Xeon E5-2620 v3 @ 2.40GHz, ASRock X99 Extreme4 motherboard and 8G of ECC memory.

Since doing so I am occasionally getting the error:

Code:

kernel: conntrack: generic helper won't handle protocol 47. Please consider loading the specific helper module.

I didn't have this error with the previous hardware configuration. I can't find any resolution for this searching the net. Does anyone know what causes it? Is it a problem or just informational?

smallpond · 03-06-2017, 09:22 AM

Nothing to do with your hardware. Are you trying to support PPTP?

http://www.linuxquestions.org/questi...tables-210334/

mfoley · 03-06-2017, 12:08 PM

Quote:

Originally Posted by smallpond

Nothing to do with your hardware. Are you trying to support PPTP?

http://www.linuxquestions.org/questi...tables-210334/

No, not trying to support PPTP. Kind of odd that the 1st time this message appears in the syslog is after the new hardware was installed. I've found that this has to do with the conntrack utility, but I'm not running conntrackd. I can't figure out where this message is coming from. nf_conntrack is loaded as a kernel module.

I notice this message about 10 minutes after rebooting, then it doesn't appear again during that boot session.

tony_ar · 09-06-2021, 04:33 AM

I appreciate this is an old, old thread, however I didn't find much info anywhere else to answer the question - so if anyone else lands here looking for the answer hopefully this will help.

I believe the solution is to load the nf_conntrack_proto_gre module.

GRE packets that are encapsulated within IP use IP protocol type 47 - see Generic Routing Encapsulation on Wikipedia for more info.

I created a new file (gre.conf) in /etc/modules-load.d to load the module automatically at boot.

This file just needs the single line: nf_conntrack_proto_gre

To load it manually:

Code:

modprobe nf_conntrack_proto_gre

Code:

lsmod |grep conntrack
nf_conntrack_proto_gre    16384  0
xt_conntrack           16384  33
nf_conntrack_netlink    49152  0
nf_conntrack          172032  8 xt_conntrack,nf_nat,xt_state,ipt_MASQUERADE,nf_nat_ipv4,xt_nat,nf_conntrack_netlink,nf_conntrack_proto_gre
nf_defrag_ipv6         20480  1 nf_conntrack
nf_defrag_ipv4         16384  1 nf_conntrack
libcrc32c              16384  2 nf_conntrack,nf_nat
nfnetlink              16384  12 nft_compat,nf_conntrack_netlink,nf_tables,nfnetlink_log
x_tables               45056  13 xt_conntrack,nft_compat,xt_NFLOG,xt_state,xt_tcpudp,ipt_MASQUERADE,xt_nat,xt_comment,xt_policy,ipt_REJECT,ip_tables,xt_limit,xt_TCPMSS