2.4.23/others and ip_conntrack causing hangs

From: James Bourne (jbourne_at_hardrock.org)
Date: 11/30/03

Next message: William Lee Irwin III: "Re: Oops with tmpfs on both 2.4.22 & 2.6.0-test11"

Previous message: James W McMechan: "Oops with tmpfs on both 2.4.22 & 2.6.0-test11"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date:	Sun, 30 Nov 2003 12:21:33 -0700 (MST)
To: linux-kernel@vger.kernel.org, <coreteam@netfilter.org>

Hi all,
I wanted to bring up an issue with ip_conntrack in 2.4.23, 2.4.22, and at
least 2.4.21 (sorry, didn't try 2.4.20).

The issue is that as long as there are connections being tracked, the
ip_conntrack module will not unload. I can understand why this might be,
but the problem is that ip_conntrack will hang rmmod and modprobe -r until
such time as all the connections have been closed.

I think we need something like an ip_conntrack_flush or else completely drop
the connections when the module is unloaded (as previously done) as this
becomes an issue for people who need to drop their ip_tables and reload the
modules (perhaps to correct other issues) especially ip_conntrack...

The only way to reload the modules right now (yes, I know removing modules
from a running kernel is dodgey anyway) is to completely drop the network
interfaces which kills off the connections *anyway*. So, dropping the
connections shouldn't be an issue.

Thanks for the consideration.

Regards
James

-- 
James Bourne                  | Email:            jbourne@hardrock.org          
Unix Systems Administrator    | WWW:           http://www.hardrock.org
Custom Unix Programming       | Linux:  The choice of a GNU generation
----------------------------------------------------------------------
 "All you need's an occasional kick in the philosophy." Frank Herbert  
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: William Lee Irwin III: "Re: Oops with tmpfs on both 2.4.22 & 2.6.0-test11"

Previous message: James W McMechan: "Oops with tmpfs on both 2.4.22 & 2.6.0-test11"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

IPFilter Questions
... reload the NAT rules if I changed them. ... The problem is that I dont remember
the rest of this command ... rules in memory, break any current connections, and
load the ... I am looking for the best way to clear the current ruleset and load ...
(comp.security.firewalls)
Re: Socket holding pattern
... AS> Another possibility is to open the relevant file handles (sockets) ...
AS> hold file handles to active connections. ... reload those objects and such.
... coding and design skills. ... (comp.lang.perl.misc)
Re: [netfilter-core] 2.4.23/others and ip_conntrack causing hangs
... > such time as all the connections have been closed. ... this is exactly
what the code does on unload: ... Unfortunately, some packets are still referencing
connections, so the ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel)
Re: Application variables not resetting
... prevents connections. ... Try to see if touching the web.config does
this. ... restart the application to reload the variables. ... Publishing)
to get it to work. ... (microsoft.public.dotnet.framework.aspnet)
Re: file as a directory
... And network connections, and pipes are files ... You can't just go around pretending
an element in an array is the ... recursion _has_ to stop somewhere. ... send the
line "unsubscribe linux-kernel" in ... (Linux-Kernel)