cc netdev

Hi canqun:

On 2012/12/24 13:51, canqun zhang wrote:
> Hi Patrick,
> If I start one lxc container instance, then in the system there
> will be two net namespaces: one is the init_net namespace, the other is
> created by lxc. If running "/etc/init.d/iptables restart", the system
> will panic. I find iptables restarting will clean the init_net
> namespace first, then clean the net namespace created by lxc, but
> related functions for cleaning up the init_net namespace will destroy
> global variables such as nf_ct_destroy, ip_ct_attach, etc. So, functions
> cleaning up the other net namespace will panic.
>

I'm afraid that the system will not panic.

When doing rmmod nf_conntrack_ipv[4,6], we already call
nf_ct_iterate_cleanup to destroy the nf_conns which belong to
l[3,4]proto protocols. At this time nf_ct_destroy still points to
destroy_conntrack because the module nf_conntrack is held by l3 and
l4proto. You can check the function nf_conntrack_l[3,4]proto_unregister.

Can you make it a little clearer? The reproduction and oops dump stack
are useful.

Thanks!