Re: kernel panic when running /etc/init.d/iptables restart

2012-12-27 Thread canqun zhang
Hi all, As discussed above, if the host machine creates several Linux containers, there will be several net namespaces. Resources with "nf conntrack" are registered or unregistered on the first net namespace (init_net), but init_net is not unregistered last, so cleaning up other net namespaces will tri

Re: kernel panic when running /etc/init.d/iptables restart

2012-12-25 Thread canqun zhang
Thanks for your suggestion, I will modify this patch and take tests. 2012/12/25 Gao feng : > On 2012/12/25 15:25, canqun zhang wrote: >> Hi Gao feng >> The stack information is as follows. The kernel will panic because the >> nf_ct_destroy is NULL. >> >> Reproduction: >> (1) starting a lxc container

Re: kernel panic when running /etc/init.d/iptables restart

2012-12-25 Thread Gao feng
On 2012/12/25 15:25, canqun zhang wrote: > Hi Gao feng > The stack information is as follows. The kernel will panic because the > nf_ct_destroy is NULL. > > Reproduction: > (1) starting a lxc container > (2) iptables -t nat -A POSTROUTING -s 10.48.254.18 -o eth1 -j > MASQUERADE (run it on host mach

Re: kernel panic when running /etc/init.d/iptables restart

2012-12-25 Thread Gao feng
On 2012/12/25 15:25, canqun zhang wrote: > Hi Gao feng > The stack information is as follows. The kernel will panic because the > nf_ct_destroy is NULL. Thanks! It seems that nf_conntrack_l[3,4]proto_unregister doesn't make sure nf_conns of the proto being destroyed. If I'm right, there is another

Re: kernel panic when running /etc/init.d/iptables restart

2012-12-24 Thread canqun zhang
Hi Gao feng, The stack information is as follows. The kernel will panic because the nf_ct_destroy is NULL. Reproduction: (1) starting a lxc container (2) iptables -t nat -A POSTROUTING -s 10.48.254.18 -o eth1 -j MASQUERADE (run it on host machine) (3) /etc/init.d/iptables save (run it on host machine

Re: kernel panic when running /etc/init.d/iptables restart

2012-12-24 Thread Gao feng
cc netdev Hi canqun: On 2012/12/24 13:51, canqun zhang wrote: > Hi Patrick, > If I start one lxc container instance, and then in the system there > will be two net namespaces, one is init_net namespace, the other is > created by lxc. If running "/etc/init.d/iptables restart", the system > will be pa

kernel panic when running /etc/init.d/iptables restart

2012-12-23 Thread canqun zhang
Hi Patrick, If I start one lxc container instance, and then in the system there will be two net namespaces, one is init_net namespace, the other is created by lxc. If running "/etc/init.d/iptables restart", the system will panic. I find iptables restarting will clean init_net namespace firstly, the