From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20030131

Description of problem:
Sometimes I cannot remove the ip_conntrack module from the kernel, especially when I have a lot of connections tracked (according to /proc/ip_conntrack).

Version-Release number of selected component (if applicable):
kernel-2.4.20-19.8.i586 (ran on k6-2 processor)

How reproducible:
Sometimes

Steps to Reproduce:
1. Load modules ip_conntrack_* ip_nat_*. Apply iptables rules. Wait some time. (can be long)
2. service iptables stop.
3. Remove all iptables modules that are dependent on the ip_conntrack module.
4. modprobe -r ip_nat_ftp ip_nat_irc
5. modprobe -r ip_conntrack_ftp
6. modprobe -r ip_conntrack_irc (last module ip_conntrack is dependent on. modprobe will try to remove ip_conntrack module).

Actual Results:
[root@confiote ~]# modprobe -r -v ip_conntrack_irc
# delete ip_conntrack_irc
# delete ip_conntrack

and never returns. modprobe takes 90% of cpu. ctrl-z/c/\ won't suspend nor kill the process.
lsmod|grep conntrack reports:
ip_conntrack 0 0 (deleted)

Expected Results:
modprobe should return... one day...

Additional info:
Before trying to modprobe -r:
[root@confiote ~]# rpm -V kernel modutils
.M...... /dev/shm
zsh: exit 1 rpm -V kernel modutils
[root@confiote ~]# wc -l /proc/net/ip_conntrack
4931 /proc/net/ip_conntrack
[root@confiote ~]# cat /proc/sys/net/ipv4/ip_conntrack_max
12288

This is from the iptables rules on the machine:
iptables -t filter -N keep_state
iptables -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A keep_state -j RETURN
iptables -t filter -A INPUT -j keep_state
iptables -t filter -A FORWARD -j keep_state
iptables -t filter -A OUTPUT -j keep_state

I think these rules are related to ip_conntrack. If you need all iptables rules, just ask.
Modules ip_conntrack_ftp and ip_nat_ftp are loaded. So are the *_irc modules.
When there are few (0-500, didn't test between 500-4500) connections in ip_conntrack, the module accepts being removed without complaining.
the same on kernel-2.4.20-19.7, kernel-2.4.20-20.7 and iptables-1.2.8-8.72.3 on i686 (Red Hat Linux 7.3 + all updates) my quick fix was =====iptables.init.patch===== --- iptables.orig Tue Aug 5 13:17:00 2003 +++ iptables Fri Sep 5 17:19:12 2003 @@ -177,8 +177,8 @@ ret=0 rmmod_r ${IPV}_tables let ret+=$?; - rmmod_r ${IPV}_conntrack - let ret+=$?; + #rmmod_r ${IPV}_conntrack + #let ret+=$?; [ $ret -eq 0 ] && success || failure echo =============================
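Review bot: The two lines disabled at the end of the hunk (`rmmod_r ${IPV}_conntrack` and `let ret+=$?;`) are commented out with no explanation, and `[ $ret -eq 0 ] && success || failure` now reflects only the result of `rmmod_r ${IPV}_tables`, so the script reports success while the conntrack module is left loaded. If skipping the unload is the intended workaround, add a comment above the disabled lines saying why (the modprobe hang reported in this bug) so they can be restored once the kernel side is fixed, or delete them outright rather than leaving dead code in the init script.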
*** This bug has been marked as a duplicate of 103177 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.