What was the contents of /proc/net/ip_conntrack?
Being unremovable can happen if someone is holding a packet, which the
below fix (by Xuan Baldauf) will often alleviate, but connection
tracking doesn't DROP packets (NAT and packet filtering do).
Hope that helps,
Rusty.
-- http://linux.conf.au The Linux conference Australia needed.diff -urN -I \$.*\$ -X /tmp/kerndiff.RnRDbE --minimal linux-2.4.0-test13-3/net/ipv4/ip_input.c working-2.4.0-test13-3/net/ipv4/ip_input.c --- linux-2.4.0-test13-3/net/ipv4/ip_input.c Tue Dec 12 14:28:06 2000 +++ working-2.4.0-test13-3/net/ipv4/ip_input.c Mon Dec 18 17:07:06 2000 @@ -225,6 +225,13 @@ nf_debug_ip_local_deliver(skb); #endif /*CONFIG_NETFILTER_DEBUG*/ +#ifdef CONFIG_NETFILTER + /* Free reference early: we don't need it any more, and it may + hold ip_conntrack module loaded indefinitely. */ + nf_conntrack_put(skb->nfct); + skb->nfct = NULL; +#endif /*CONFIG_NETFILTER*/ + /* Point into the IP datagram, just past the header. */ skb->h.raw = skb->nh.raw + iph->ihl*4; - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/