Hi,

On Sat, Feb 19, 2022 at 02:25:47PM +0100, Florian Westphal wrote:
> Phil Sutter <phil@xxxxxx> wrote:
> > With nftables, no template is being used and instead helper assignment
> > happens after conntrack initialization. With helper auto assignment
> > being disabled by default, this leads to this spurious kernel log
> > suggesting to use iptables CT target.
> >
> > To avoid the bogus and confusing message, check helper's refcount: It is
> > initialized to 1 by nf_conntrack_helper_register() and incremented by
> > nf_conntrack_helper_try_module_get() during nft_ct_helper_obj_init(). So
> > if its value is larger than 1, it must be in use *somewhere*.
>
> Why not set cnet->auto_assign_helper_warned = true; from nft_ct.c?

I tried, but nf_ct_pernet() is not usable from module context, or
actually symbol nf_conntrack_net_id. So I had to introduce a routine to
set the value. On the other hand I didn't like the fact that it would
permanently disable the warning even after 'nft flush ruleset'
(nit-picking).

I can recover that approach and send a v2 if you think (re-)using refcnt
is a bad idea here.

Thanks, Phil