All of lore.kernel.org
 help / color / mirror / Atom feed
* Re: how to clear the conntrack table!
@ 2003-10-16  7:57 Eicke Friedrich
  0 siblings, 0 replies; 6+ messages in thread
From: Eicke Friedrich @ 2003-10-16  7:57 UTC (permalink / raw)
  To: netfilter-devel

Hi again,

Patrick McHardy wrote:

> Eicke Friedrich wrote:
> 
>> Harald Welte wrote:
>> 
>>> unfortunately there is currently no other way than to unload 
>>> and reload the ip_conntrack module
>> 
>> 
>> 
>> I've tried this a couple of times. The module seems to get 
>> deleted (lsmod still shows ip_conntrack but as deleted) but rmmod
>>  does NOT finish. It grabs 100% CPU for minutes. I had to reboot 
>> the box then. Any hints?
> 
> In case your running an older kernel (before -pre9), try the latest
>  -rc kernel or
submitted/70_ip-conntrack-expect-drop-refcnt-combined.patch from
> patch-o-matic.


Not having time before I updated my box today to kernel version 2.4.22
from kernel.org. The system works still very well but I'm still not
able to unload the conntrack module. It's the same problem as I
described above using 2.4.21. So anyone there who knows an answer?
Thanks in advance.

Regards,
Eicke Friedrich

PS: Sorry Patrick for sending this message directly to you - I forgot
to change the receiver. :-(

My system:
Dual Athlon MP, 512 MB RAM
Following patches applied:
Enable NF on a bridge: ebtables-brnf-2_vs_2.4.22.diff
NETFILTER P-O-M:
Already applied: submitted/01_2.4.19
                  submitted/02_2.4.20
                  submitted/03_2.4.21
                  submitted/04_2.4.22
                  submitted/44_backport_ah_esp_fixes
                  submitted/45_masq_routing_check
                  submitted/54_ip_nat-macro-args
                  submitted/58-ip_conntrack-macro-args
                  submitted/60_nat_tftp-remove-warning
                  submitted/73_ipt_MASQUERADE-oif
                  submitted/74_nat-range-fix
                  submitted/75_REJECT_localpmtu-fix
                  submitted/76_snmp-checksum_h-fix
                  submitted/77_destroy-conntrack
                  submitted/78_nathelper-udp-csum
                  submitted/79_mangle_udp-sizecheck
                  submitted/80_ip_conntrack-proc
                  submitted/81_ipt_unclean-tcp-flag-table
                  submitted/83_nolocalout
                  submitted/84_local-nullbinding
                  submitted/86_getorigdst-tuple-zero
                  submitted/87_nat-helpers-u16
                  pending/59_ip_nat_h-unused-var
                  pending/61-remove-memsets
                  pending/64_masquerade-sameip-noflush
                  pending/69_amanda-helpers
                  pending/70_expect-evict-order
                  pending/72_recent_procfs_fix
                  base/connlimit
                  base/mport
                  base/quota
                  extra/CLASSIFY
                  extra/CONNMARK
                  extra/string

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: how to clear the conntrack table!
  2003-08-25 10:14   ` Eicke Friedrich
@ 2003-08-25 10:31     ` Patrick McHardy
  0 siblings, 0 replies; 6+ messages in thread
From: Patrick McHardy @ 2003-08-25 10:31 UTC (permalink / raw)
  To: Eicke Friedrich; +Cc: netfilter-devel

In case your running an older kernel (before -pre9), try the latest -rc
kernel or submitted/70_ip-conntrack-expect-drop-refcnt-combined.patch
from patch-o-matic.

Bye,
Patrick

Eicke Friedrich wrote:

>
> Harald Welte wrote:
>
>> unfortunately there is currently no other way than to unload and
>> reload the ip_conntrack module :(
>
> I've tried this a couple of times. The module seems to get deleted
> (lsmod still shows ip_conntrack but as deleted) but rmmod does NOT
> finish. It grabs 100% CPU for minutes. I had to reboot the box then.
> Any hints?
>
> Regards,
> Eicke.

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: how to clear the conntrack table!
  2003-08-23 21:08 ` Harald Welte
  2003-06-27  9:28   ` Flavio Pescuma
@ 2003-08-25 10:14   ` Eicke Friedrich
  2003-08-25 10:31     ` Patrick McHardy
  1 sibling, 1 reply; 6+ messages in thread
From: Eicke Friedrich @ 2003-08-25 10:14 UTC (permalink / raw)
  To: netfilter-devel


Harald Welte wrote:
> unfortunately there is currently no other way than to unload and
> reload the ip_conntrack module :(
I've tried this a couple of times. The module seems to get deleted
(lsmod still shows ip_conntrack but as deleted) but rmmod does NOT
finish. It grabs 100% CPU for minutes. I had to reboot the box then.
Any hints?

Regards,
Eicke.

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: how to clear the conntrack table!
  2003-08-15  9:13 Decoy
@ 2003-08-23 21:08 ` Harald Welte
  2003-06-27  9:28   ` Flavio Pescuma
  2003-08-25 10:14   ` Eicke Friedrich
  0 siblings, 2 replies; 6+ messages in thread
From: Harald Welte @ 2003-08-23 21:08 UTC (permalink / raw)
  To: Decoy; +Cc: netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 616 bytes --]

On Fri, Aug 15, 2003 at 05:13:05PM +0800, Decoy wrote:
> Hi!
> 
> how can I clear the conntrack table?!

unfortunately there is currently no other way than to unload and reload the
ip_conntrack module :(

> Thanks very much!
> dec0y

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread
* how to clear the conntrack table!
@ 2003-08-15  9:13 Decoy
  2003-08-23 21:08 ` Harald Welte
  0 siblings, 1 reply; 6+ messages in thread
From: Decoy @ 2003-08-15  9:13 UTC (permalink / raw)
  To: netfilter-devel

Hi!

how can I clear the conntrack table?!

Thanks very much!


dec0y

forlegend@163.net

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: how to clear the conntrack table!
  2003-08-23 21:08 ` Harald Welte
@ 2003-06-27  9:28   ` Flavio Pescuma
  2003-08-25 10:14   ` Eicke Friedrich
  1 sibling, 0 replies; 6+ messages in thread
From: Flavio Pescuma @ 2003-06-27  9:28 UTC (permalink / raw)
  To: Harald Welte; +Cc: Decoy, netfilter-devel

You could look into using the patch I send some day ago.  the you could
set all connection to unconfirmed, and then set you rule set so that al
unconfirmed packets pass the rule set


/flavio

On Sat, 2003-08-23 at 23:08, Harald Welte wrote:
> On Fri, Aug 15, 2003 at 05:13:05PM +0800, Decoy wrote:
> > Hi!
> > 
> > how can I clear the conntrack table?!
> 
> unfortunately there is currently no other way than to unload and reload the
> ip_conntrack module :(
> 
> > Thanks very much!
> > dec0y

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2003-10-16  7:57 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-10-16  7:57 how to clear the conntrack table! Eicke Friedrich
  -- strict thread matches above, loose matches on Subject: below --
2003-08-15  9:13 Decoy
2003-08-23 21:08 ` Harald Welte
2003-06-27  9:28   ` Flavio Pescuma
2003-08-25 10:14   ` Eicke Friedrich
2003-08-25 10:31     ` Patrick McHardy

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.