In message <[EMAIL PROTECTED]> you write:
> It seems that for one reason or another, ip_conntrack totally locks (not
> removeable) after about 10 hours of continued use. All i found were
> these messages in my dmesg output
What was the contents of /proc/net/ip_conntrack?
Being unremovable can happen if someone is holding a packet, which the
below fix (by Xuan Baldauf) will often alleviate, but connection
tracking doesn't DROP packets (NAT and packet filtering do).
Hope that helps,
Rusty.
--
http://linux.conf.au The Linux conference Australia needed.
diff -urN -I \$.*\$ -X /tmp/kerndiff.RnRDbE --minimal
linux-2.4.0-test13-3/net/ipv4/ip_input.c working-2.4.0-test13-3/net/ipv4/ip_input.c
--- linux-2.4.0-test13-3/net/ipv4/ip_input.c Tue Dec 12 14:28:06 2000
+++ working-2.4.0-test13-3/net/ipv4/ip_input.c Mon Dec 18 17:07:06 2000
@@ -225,6 +225,13 @@
nf_debug_ip_local_deliver(skb);
#endif /*CONFIG_NETFILTER_DEBUG*/
+#ifdef CONFIG_NETFILTER
+ /* Free reference early: we don't need it any more, and it may
+ hold ip_conntrack module loaded indefinitely. */
+ nf_conntrack_put(skb->nfct);
+ skb->nfct = NULL;
+#endif /*CONFIG_NETFILTER*/
+
/* Point into the IP datagram, just past the header. */
skb->h.raw = skb->nh.raw + iph->ihl*4;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
