From: Rusty Russell <rusty@rustcorp.com.au>
To: James Bourne <jbourne@hardrock.org>
Cc: linux-kernel@vger.kernel.org, coreteam@netfilter.org
Subject: Re: [netfilter-core] 2.4.23/others and ip_conntrack causing hangs
Date: Mon, 01 Dec 2003 11:22:59 +1100 [thread overview]
Message-ID: <20031201015604.816D52C06F@lists.samba.org> (raw)
In-Reply-To: Your message of "Sun, 30 Nov 2003 12:21:33 PDT." <Pine.LNX.4.44.0311301204520.2148-100000@cafe.hardrock.org>
In message <Pine.LNX.4.44.0311301204520.2148-100000@cafe.hardrock.org> you writ
e:
> Hi all,
> I wanted to bring up an issue with ip_conntrack in 2.4.23, 2.4.22, and at
> least 2.4.21 (sorry, didn't try 2.4.20).
>
> The issue is that as long as there are connections being tracked, the
> ip_conntrack module will not unload. I can understand why this might be,
> but the problem is that ip_conntrack will hang rmmod and modprobe -r until
> such time as all the connections have been closed.
>
> I think we need something like an ip_conntrack_flush or else completely drop
> the connections when the module is unloaded (as previously done) as this
> becomes an issue for people who need to drop their ip_tables and reload the
> modules (perhaps to correct other issues) especially ip_conntrack...
Um, this is exactly what the code does on unload: an explicit flush.
Unfortunately, some packets are still referencing connections, so the
module *cannot* go away. Figuring out exactly where the packets are
referenced from is the fun part. We explicitly drop the reference in
ip_local_deliver_finish() for exactly this reason. Perhaps there is
somewhere else we should be doing the same thing.
Hope that clarifies,
Rusty.
--
Anyone who quotes me in their sig is an idiot. -- Rusty Russell.
next prev parent reply other threads:[~2003-12-01 1:56 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-11-30 19:21 2.4.23/others and ip_conntrack causing hangs James Bourne
2003-12-01 0:22 ` Rusty Russell [this message]
2003-12-02 0:20 ` [netfilter-core] " Patrick McHardy
2003-12-02 6:33 ` Rusty Russell
2003-12-02 23:18 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20031201015604.816D52C06F@lists.samba.org \
--to=rusty@rustcorp.com.au \
--cc=coreteam@netfilter.org \
--cc=jbourne@hardrock.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.