Re: [netfilter-core] 2.4.23/others and ip_conntrack causing hangs

• Previous message: Stuart Longland: "Re: 2.6 not cat proof"
• Next in thread: Patrick McHardy: "Re: [netfilter-core] 2.4.23/others and ip_conntrack causing hangs"
• Reply: Patrick McHardy: "Re: [netfilter-core] 2.4.23/others and ip_conntrack causing hangs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: James Bourne <jbourne@hardrock.org>
Date:	Mon, 01 Dec 2003 11:22:59 +1100

In message <Pine.LNX.4.44.0311301204520.2148-100000@cafe.hardrock.org> you writ
e:
> Hi all,
> I wanted to bring up an issue with ip_conntrack in 2.4.23, 2.4.22, and at
> least 2.4.21 (sorry, didn't try 2.4.20).
>
> The issue is that as long as there are connections being tracked, the
> ip_conntrack module will not unload. I can understand why this might be,
> but the problem is that ip_conntrack will hang rmmod and modprobe -r until
> such time as all the connections have been closed.
>
> I think we need something like an ip_conntrack_flush or else completely drop
> the connections when the module is unloaded (as previously done) as this
> becomes an issue for people who need to drop their ip_tables and reload the
> modules (perhaps to correct other issues) especially ip_conntrack...

Um, this is exactly what the code does on unload: an explicit flush.

Unfortunately, some packets are still referencing connections, so the
module *cannot* go away. Figuring out exactly where the packets are
referenced from is the fun part. We explicitly drop the reference in
ip_local_deliver_finish() for exactly this reason. Perhaps there is
somewhere else we should be doing the same thing.

Hope that clarifies,
Rusty.

--
  Anyone who quotes me in their sig is an idiot. -- Rusty Russell.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

• Previous message: Stuart Longland: "Re: 2.6 not cat proof"
• Next in thread: Patrick McHardy: "Re: [netfilter-core] 2.4.23/others and ip_conntrack causing hangs"
• Reply: Patrick McHardy: "Re: [netfilter-core] 2.4.23/others and ip_conntrack causing hangs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages 2.4.23/others and ip_conntrack causing hangs ... The issue is that as long as there are connections being tracked, ... ip_conntrack module will not unload. ... The only way to reload the modules right now (yes, ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) Re: file as a directory ... And network connections, and pipes are files ... You can't just go around pretending an element in an array is the ... recursion _has_ to stop somewhere. ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) Re: ip contrack problem, not strictly followed RFC, DoS very much possible ... > otherwise idle session, you nuke a perfectly good idle session for reasons ... Shouldn't it be protocols thingie to take care about connections? ... This value as it is now, keeps too many connections in memory, which often leads ... To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ ... (Linux-Kernel) Re: oops reiserfs / kernel ... > The server has started to refuse all connections after several days of ... After a reboot it worked well during 5 hours ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel) Re: /proc/net/tcp not updated fast enough? ... > of the connections - and thus not totally ignorable) I had to read ... the seqfile interface. ... send the line "unsubscribe linux-kernel" in ... More majordomo info at http://vger.kernel.org/majordomo-info.html ... (Linux-Kernel)