[Bug 91] conntrack unload loops forever (reproducible)
bugzilla-daemon at bugzilla.netfilter.org
Thu Feb 24 07:27:24 CET 2005
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=91
------- Additional Comments From mschwendt at users.sf.net 2005-02-24 07:27 MET -------
"modprobe -r ip_conntrack" is possible, and hence it ought to work. Or do you
want to require a reboot to remove kernel modules? Unloading of iptables modules
on service script restart is optional in Fedora Core. And with knowledge of a
work-around, my personal interest in a fix is not high. It would be in the
interest of the netfilter project to fix this, though.
> So is this a bug in redhat or netfilter?
Consider re-reading the comments within this ticket.
> You seem undecided yourself,
> since you've posted bugs in both places.
No. That's a misimpression based on not reading through the comments. Neither ticket
was opened by me.
It is common procedure to inform a Linux distribution vendor about defects in
its product and expect the vendor to develop an erratum or forward bug reports
upstream. Especially if "user == customer" holds true. Customers are not
expected to get access to hundreds or thousands of individual bug tracking
systems or mailing-lists of upstream software vendors.
> I would posit that the netfilter modules were not designed to be
> unloaded/reloaded on an operational firewall,
Even on an isolated machine with no traffic and an empty connection tracking table
(see e.g. comment 18), unloading of ip_conntrack was not possible.
And yes, if this apparent misbehaviour (99% CPU usage with a hanging modprobe
-r) is by design, module removal ought to be made impossible.
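The check a service script can make before calling "modprobe -r", and a time-bounded way of calling it, as an added example that is not code from this ticket, from netfilter or from any distribution's iptables script. It assumes the /proc/modules line layout (name, size, refcount, comma-terminated users list or "-", state, address) and takes the file path as a parameter so it can be exercised against a constructed copy rather than the live kernel.

```shell
#!/bin/sh
# Added example, not code from the ticket or from any distribution's
# iptables service script. Assumes the /proc/modules line layout:
#   name size refcount users(comma-terminated list or "-") state address
# and that the module name is a plain [A-Za-z0-9_]* token.

# Report whether a module can be unloaded according to /proc/modules.
# $1 = module name, $2 = path to a /proc/modules-style file (default /proc/modules).
# Exit 0: loaded, refcount 0.  Exit 1: loaded but in use (dependents, if any,
# are printed one per line).  Exit 2: not loaded.
module_unload_status() {
    mod="$1"
    procmod="${2:-/proc/modules}"
    line=$(grep "^$mod " "$procmod") || return 2
    set -- $line
    refcnt="$3"
    users="$4"
    [ "$refcnt" = "0" ] && return 0
    if [ "$users" != "-" ]; then
        printf '%s\n' "$users" | tr ',' '\n' | sed '/^$/d'
    fi
    return 1
}

# Unload a module only when /proc/modules says nobody uses it, and give up
# (leaving the module loaded) if modprobe -r has not returned within $2
# seconds, so a removal that spins forever cannot wedge the calling script.
# Usage (needs root): safe_unload ip_conntrack 15
safe_unload() {
    mod="$1"
    secs="${2:-10}"
    rc=0
    users=$(module_unload_status "$mod") || rc=$?
    case "$rc" in
        0) ;;
        1) echo "$mod is in use (users: $(printf '%s' "$users" | tr '\n' ' ')); not unloading" >&2
           return 1 ;;
        *) echo "$mod is not loaded" >&2
           return 0 ;;
    esac
    modprobe -r "$mod" &
    pid=$!
    waited=0
    while kill -0 "$pid" 2>/dev/null; do
        if [ "$waited" -ge "$secs" ]; then
            kill "$pid" 2>/dev/null
            echo "modprobe -r $mod still running after ${secs}s; module left loaded" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    wait "$pid"
}
```

A zero refcount in /proc/modules is necessary for removal, not sufficient: the hang this ticket describes occurs with an empty table and no users, which is why the script polls the background modprobe and returns instead of calling wait on it. A modprobe that is spinning inside the kernel will not honour the kill and stays behind as an orphan, but the service restart itself completes.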
More information about the netfilter-buglog mailing list