A module counter leak of some sort perhaps?

William Stearns wstearns@pobox.com
Mon, 22 Nov 1999 00:49:06 -0500 (EST) 

Good day, all,
	I'm using netfilter-0.1.12 on kernel 2.3.28 (patched with Ingo's
zoned-2.3.28-K4 patch; otherwise, I can't use the first 15M of my 40M
laptop).
	As I mentioned earlier, Mason is running on iptables now; part of
the day has been building a firewall on it.  This process involves lots of
flush, policy, put in a bunch of block rules, put in stadard user rules,
then log *1 the rest cycles.
	I'm finding that the module usage counts are rising and I'm not
sure why.  After an evening of Mason work:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUTN (0 references)
target     prot opt source               destination
Chain FORWARDN (0 references)
target     prot opt source               destination
Chain INPUTN (0 references)
target     prot opt source               destination
Chain NoSpoof (0 references)
target     prot opt source               destination

[root@sparrow /etc]# lsmod
Module                  Size  Used by
[snip]
ipt_icmp                 644  34  (autoclean)
ipt_tcp                  928 834  (autoclean)
ipt_udp                  6721511  (autoclean)
ipt_LOG                 2624   0
ipt_state                592  10
iptables                7080   5  [ipt_icmp ipt_tcp ipt_udp ipt_LOG ipt_state]
ip_conntrack_ftp        1288   0  (unused)
ip_conntrack           11072   2  [ipt_state ip_conntrack_ftp]

	1511 uses for the udp module?  Shouldn't the count on that get
decremented to zero when I do an iptables -F?
	My apologies if I've misunderstood the meaning of that count, but
at the very least:

[root@sparrow /etc]# rmmod ipt_udp
rmmod: ipt_udp: Device or resource busy

	Cheers,
	- Bill

*1 By the way; the logging on iptables is marvelous.  By putting in a
--state ESTABLISHED,RELATED accept rule at the top, each new protocol only
makes a single log entry.  Mason can keep up with that even on this old
box.  No more log storms!

---------------------------------------------------------------------------
	..all in all it's just another rule in the firewall.
	/Ping Flood/
(Courtesy of Hirling Endre)
--------------------------------------------------------------------------
William Stearns (wstearns@pobox.com).  Mason, Buildkernel, named2hosts, 
and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns/
--------------------------------------------------------------------------