Re: ip_conntrack locks up hard on 2.4.0 after about 10 hours

Rusty Russell (rusty@linuxcare.com.au)
Sun, 07 Jan 2001 22:27:29 +1100


In message <3A573BD2.C7F7771F@voicenet.com> you write:
> It seems that for one reason or another, ip_conntrack totally locks (not
> removeable) after about 10 hours of continued use. All i found were
> these messages in my dmesg output

What was the contents of /proc/net/ip_conntrack?

Being unremovable can happen if someone is holding a packet, which the
below fix (by Xuan Baldauf) will often alleviate, but connection
tracking doesn't DROP packets (NAT and packet filtering do).

Hope that helps,
Rusty.

--
http://linux.conf.au The Linux conference Australia needed.

diff -urN -I \$.*\$ -X /tmp/kerndiff.RnRDbE --minimal linux-2.4.0-test13-3/net/ipv4/ip_input.c working-2.4.0-test13-3/net/ipv4/ip_input.c --- linux-2.4.0-test13-3/net/ipv4/ip_input.c Tue Dec 12 14:28:06 2000 +++ working-2.4.0-test13-3/net/ipv4/ip_input.c Mon Dec 18 17:07:06 2000 @@ -225,6 +225,13 @@ nf_debug_ip_local_deliver(skb); #endif /*CONFIG_NETFILTER_DEBUG*/ +#ifdef CONFIG_NETFILTER + /* Free reference early: we don't need it any more, and it may + hold ip_conntrack module loaded indefinitely. */ + nf_conntrack_put(skb->nfct); + skb->nfct = NULL; +#endif /*CONFIG_NETFILTER*/ + /* Point into the IP datagram, just past the header. */ skb->h.raw = skb->nh.raw + iph->ihl*4; - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/