Well, I tried a couple of things over last night, and neither revealed anything satisfying.

First, I compiled in all the debug code for netfilter into the kernel. Our test setup ran all night without a single hang in iptables(-restore). This is still with 3.0.36-rt58 and iptables 1.3.8. This, to me, speaks of some sort of timing/race condition or optimization problem. Without the debugging information, I can't seem to determine where things have gone wrong, and with debugging information I can't get the lockup to happen.

Second, I compiled 1.4.14 (and libnfnetlink) and installed that. This is running with our "stock" (no debug) 3.0.36-rt57 build, and no lockup occurred all night.

The only other issue I can think of is this. Our standard build has a linux-libc-dev in our webroot for 2.6.24. We do not build linux-libc-dev as part of our kernel build. So iptables ends up being compiled against 2.6.24, but run on 3.0.36-rt57. Could this potentially induce the type of failure we were seeing? My compile of 1.4.14 is against the 3.0.36-rt57 linux-libc-dev headers, rather than the 2.6.24.

Thanks,
Pete