Re: Possible bug in ip_conntrack on ip change

Martin Josefsson (gandalf@wlug.westbo.se)
11 Apr 2003 00:15:07 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Chuck Ebbert: "Re: kernel support for non-english user messages"
Previous message: Andreas Dilger: "Re: kernel support for non-english user messages"

On Thu, 2003-04-10 at 22:18, Mario TRENTINI wrote:
> Dear list,
>
> I've recently reboot my linux router due to fool ip_conntrack table
> (/proc/net/ip_conntrack). The box is hook up to the internet with
> dynamically assign ip and run a 2.4.20 kernel.
> Upon investigation after the reboot, it appears that the table contains
> stale entries of connections made with previous ip addresses that slowly
> fill it up.

Did you apply the pending/submitted patches from patch-o-matic?
There's a known bug in conntrack in kernel 2.4.20 that can make old
connections still hang around. It's fixed in the latest 2.4.21-pre
kernel.

Or you can download patch-o-matic and patch your 2.4.20 kernel.
(ftp://ftp.netfilter.org/pub/patch-o-matic/snapshot/patch-o-matic-20030410.tar.bz2)
And then execute ./runme --batch pending

And there's an entry about this problem with MASQUERADE and old
connection hanging around in the netfilter bugzilla, it's not
neccessarily the same bug as the one that's fixed in later kernels.
https://bugzilla.netfilter.org

-- 
/Martin
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Chuck Ebbert: "Re: kernel support for non-english user messages"
Previous message: Andreas Dilger: "Re: kernel support for non-english user messages"