Bug 102561 - Impossible to remove ip_conntrack module after some time.
Summary: Impossible to remove ip_conntrack module after some time.
Keywords:
Status: CLOSED DUPLICATE of bug 103177
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel
Version: 8.0
Hardware: i586
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2003-08-18 01:33 UTC by Dams
Modified: 2007-04-18 16:56 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-02-21 18:58:07 UTC
Embargoed:


Description Dams 2003-08-18 01:33:03 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.7 (X11; Linux i686; U;) Gecko/20030131

Description of problem:
Sometimes I cannot remove the ip_conntrack module from the kernel, especially
when I have a lot of connections tracked (according to /proc/ip_conntrack).

Version-Release number of selected component (if applicable):
kernel-2.4.20-19.8.i586 (ran on k6-2 processor)

How reproducible:
Sometimes

Steps to Reproduce:
1. Load modules ip_conntrack_* ip_nat_*. Apply iptables rules. Wait some time
(can be long).
2. service iptables stop.
3. Remove all iptables modules that are dependent on the ip_conntrack module.
4. modprobe -r ip_nat_ftp ip_nat_irc
5. modprobe -r ip_conntrack_ftp
6. modprobe -r ip_conntrack_irc (the last module ip_conntrack is dependent on.
modprobe will try to remove the ip_conntrack module).

Actual Results:  [root@confiote ~]# modprobe -r -v ip_conntrack_irc
# delete ip_conntrack_irc
# delete ip_conntrack

and never returns. modprobe takes 90% of CPU. Ctrl-z/c/\ won't suspend or kill
the process. lsmod|grep conntrack reports:
ip_conntrack               0   0  (deleted)


Expected Results:  modprobe should return... one day...

Additional info:

Before trying to modprobe -r:
[root@confiote ~]# rpm -V kernel modutils
.M......   /dev/shm
zsh: exit 1     rpm -V kernel modutils
[root@confiote ~]# wc -l /proc/net/ip_conntrack
   4931 /proc/net/ip_conntrack
[root@confiote ~]# cat /proc/sys/net/ipv4/ip_conntrack_max
12288

This is from the iptables rules on the machine:
iptables -t filter -N keep_state
iptables -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A keep_state -j RETURN
iptables -t filter -A INPUT -j keep_state
iptables -t filter -A FORWARD -j keep_state
iptables -t filter -A OUTPUT -j keep_state

I think these rules are related to ip_conntrack.

If you need all the iptables rules, just ask. Modules ip_conntrack_ftp and
ip_nat_ftp are loaded. So are the *_irc modules.

When there are few (0-500, didn't test between 500-4500) connections in
ip_conntrack, the module accepts being removed without complaining.

Comment 1 Nikolai Ivanyushin 2003-09-05 14:36:47 UTC
The same on kernel-2.4.20-19.7, kernel-2.4.20-20.7 and iptables-1.2.8-8.72.3
on i686 (Red Hat Linux 7.3 + all updates).
My quick fix was:
=====iptables.init.patch=====
--- iptables.orig       Tue Aug  5 13:17:00 2003
+++ iptables    Fri Sep  5 17:19:12 2003
@@ -177,8 +177,8 @@
     ret=0
     rmmod_r ${IPV}_tables
     let ret+=$?;
-    rmmod_r ${IPV}_conntrack
-    let ret+=$?;
+    #rmmod_r ${IPV}_conntrack
+    #let ret+=$?;

     [ $ret -eq 0 ] && success || failure
     echo
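
Review bot: commenting out "rmmod_r ${IPV}_conntrack" and its "let ret+=$?;" leaves dead code with no explanation, and ret now reflects only "rmmod_r ${IPV}_tables", so "[ $ret -eq 0 ] && success" is reported while the conntrack module is deliberately left loaded. If skipping the unload is the intended workaround for the hang reported in this bug, delete the two lines rather than commenting them out and add a one-line comment naming the reason, so a later update of the init script does not quietly restore the unload. The change only stops the init script from attempting the removal; a manual modprobe -r of the conntrack modules is unaffected by it.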

=============================

Comment 2 Nils Philippsen 2003-09-26 06:51:01 UTC

*** This bug has been marked as a duplicate of 103177 ***

Comment 3 Red Hat Bugzilla 2006-02-21 18:58:07 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.
