Re: ip_conntrack modules still somewhat buggy

From: Xuan Baldauf (xuan--lkml@baldauf.org)
Date: Wed Aug 09 2000 - 16:45:51 EST

Rusty Russell wrote:

> In message <398DAFA3.AC381807@baldauf.org> you write:
> > Hello,
> >
> > from the log below, you can see, that the module ip_conntrack is neither
> > loaded nor unloaded. This should never happen, but it does in
> > linux-2.4.0-test5. Maybe there are some insmod|rmmod races, because I
> > insmod ip_conntrack in my /etc/ppp/ip-up script and I rmmod it in my
> > /etc/ppp/ip-down script, and unter rare circumstances, both may be run
> > simultaneously.
> >
> > router|20:27:10|/etc> lsmod
> > Module Size Used by
> > ip_conntrack 0 0 (deleted)
>
> This means that someone is holding an skb with a reference to a
> connection, so ip_conntrack won't unload. This is insoluble with the
> current module architecture.

So solving this problem won't be possible until 2.5?

But maybe that problem is solvable until 2.4.0-final?

Compile a kernel with all netfilter|ip-tables parts compiled as modules
(except compatibility modules):

router|23:42:24|~> cat /usr/src/linux-2.4/.config|grep IP_NF
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_UNCLEAN=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_MIRROR=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_LOG=m
# CONFIG_IP_NF_COMPAT_IPCHAINS is not set
# CONFIG_IP_NF_COMPAT_IPFWADM is not set

Run this script on that kernel in 2 telnet sessions in parallel (maybe local
sessions are also okay):

while true; do insmod ip_tables; insmod ip_conntrack; insmod iptable_nat;
insmod ipt_MASQUERADE; rmmod ipt_MASQUERADE; rmmod iptable_nat; rmmod
ip_conntrack; rmmod ip_tables; done

By chance (probably in the first 10 seconds), you will get following output:

router|23:33:30|~> while true; do insmod ip_tables; insmod ip_conntrack;
insmod iptable_nat; insmod ipt_MASQUERADE; rmmod ipt_MASQUERADE; rmmod
iptable_nat; rmmod ip_conntrack; rmmod ip_tables; done
Using /lib/modules/2.4.0-test5/ipv4/ip_tables.o
insmod: a module named ip_tables already exists
Using /lib/modules/2.4.0-test5/ipv4/ip_conntrack.o
Using /lib/modules/2.4.0-test5/ipv4/iptable_nat.o
Using /lib/modules/2.4.0-test5/ipv4/ipt_MASQUERADE.o
Using /lib/modules/2.4.0-test5/ipv4/ip_tables.o
Using /lib/modules/2.4.0-test5/ipv4/ip_conntrack.o
Using /lib/modules/2.4.0-test5/ipv4/iptable_nat.o
Using /lib/modules/2.4.0-test5/ipv4/ipt_MASQUERADE.o
rmmod: module ipt_MASQUERADE is not loaded
Using /lib/modules/2.4.0-test5/ipv4/ip_tables.o
Using /lib/modules/2.4.0-test5/ipv4/ip_conntrack.o
Using /lib/modules/2.4.0-test5/ipv4/iptable_nat.o
Using /lib/modules/2.4.0-test5/ipv4/ipt_MASQUERADE.o
rmmod: module ip_conntrack is not loaded
rmmod: module ip_tables is not loaded
Using /lib/modules/2.4.0-test5/ipv4/ip_tables.o
Using /lib/modules/2.4.0-test5/ipv4/ip_conntrack.o
insmod: a module named ip_conntrack already exists
Using /lib/modules/2.4.0-test5/ipv4/iptable_nat.o
Using /lib/modules/2.4.0-test5/ipv4/ipt_MASQUERADE.o

... up to here, everything is okay, but ...

/lib/modules/2.4.0-test5/ipv4/ipt_MASQUERADE.o: unresolved symbol
ip_conntrack_get
/lib/modules/2.4.0-test5/ipv4/ipt_MASQUERADE.o: unresolved symbol
ip_ct_selective_cleanup
/lib/modules/2.4.0-test5/ipv4/ipt_MASQUERADE.o: unresolved symbol
ip_nat_setup_info
rmmod: module ipt_MASQUERADE is not loaded
rmmod: module iptable_nat is not loaded
rmmod: module ip_conntrack is not loaded
Using /lib/modules/2.4.0-test5/ipv4/ip_tables.o
insmod: a module named ip_tables already exists
Using /lib/modules/2.4.0-test5/ipv4/ip_conntrack.o
insmod: a module named ip_conntrack already exists
Using /lib/modules/2.4.0-test5/ipv4/iptable_nat.o
Using /lib/modules/2.4.0-test5/ipv4/ipt_MASQUERADE.o
/lib/modules/2.4.0-test5/ipv4/ipt_MASQUERADE.o: unresolved symbol
ip_nat_setup_info
rmmod: module ipt_MASQUERADE is not loaded
rmmod: module iptable_nat is not loaded

... the "unresolved symbol" messages may be a bug, but after these messages
appeared...

Using /lib/modules/2.4.0-test5/ipv4/ipt_MASQUERADE.o
Using /lib/modules/2.4.0-test5/ipv4/ip_tables.o
insmod: module : QM_INFO: Invalid argument
Using /lib/modules/2.4.0-test5/ipv4/ip_conntrack.o
insmod: module : QM_INFO: Invalid argument
Using /lib/modules/2.4.0-test5/ipv4/iptable_nat.o
insmod: module : QM_INFO: Invalid argument
Using /lib/modules/2.4.0-test5/ipv4/ipt_MASQUERADE.o
insmod: module : QM_INFO: Invalid argument
rmmod: module : QM_INFO: Invalid argument
rmmod: module ipt_MASQUERADE is not loaded
rmmod: module : QM_INFO: Invalid argument
rmmod: module : QM_INFO: Invalid argument
rmmod: module iptable_nat is not loaded

... the complete module subsystem seems to be destroyed ...

router|23:34:10|~> lsmod
Module Size Used by
lsmod: module : QM_INFO: Invalid argument
router|23:37:30|~> uname -a
Linux router 2.4.0-test5 #5 Fri Jul 28 15:44:55 CEST 2000 i586 unknown
router|23:39:31|~>

Note, that this is a UP-System (P166-MMX)

I hope, that these (race?) bugs are fixed before 2.4.0-final is released.

>
>
> Rusty.
> --
> Hacking time.
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Tue Aug 15 2000 - 21:00:19 EST