From: Filip Sneppe <filip.sneppe@cronos.be>
To: Christian Hammers <ch@westend.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: /proc/net/ip_conntrack filling without ipt_conntrack.o loaded?
Date: 14 Jan 2003 14:43:45 +0100
Message-ID: <1042551825.465.143.camel@xbox>
In-Reply-To: <20030114121232.GA3362@westend.com>

On Tue, 2003-01-14 at 13:12, Christian Hammers wrote:
> Hello
> 
> I had ipt_conntrack.o loaded (see last mail) and then removed. But still
> my /proc/net/ip_conntrack got filled up.
> Then I did "echo '10000' > /proc/sys/net/ipv4/ip_conntrack_max" and it 
> still raised.
> Now, after waiting 10min or so the values are slightly falling (I had
> fear that it crashed when reaching 0xffff)..
> 
> Are the first two events signs for a bug or is it expected behaviour
> that somehow the conntrack code remains in the kernel even if the module
> has been removed?

You sure it's not due to a typo ? It's ip_conntrack.o, not
ipt_conntrack. After an rmmod, what does lsmod say ?

About the high number of tracked connections, are you
talking about /proc/net/ip_conntrack ?

Before thinking of a bug, you should get a clear view of
the type of traffic filling your connection tracking table.
Broadcasts ? Are these primarily ESTABLISHED connections,
or UNREPLIED connections ? Are Nimda-infected IIS boxes
scanning the whole IPv4 address range through your machine ?
It takes only a couple of infected machines to generate a
lot of traffic.

So, what's the nature of the entries in /proc/net/ip_conntrack ?

Regards,
Filip
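
Added example, not part of the original message or of any netfilter tool: one way to answer the question of what kind of entries fill /proc/net/ip_conntrack, by counting them per protocol and state, per flag, and per originating source and destination port for UNREPLIED entries. It assumes the 2.4-era line layout shown in the constructed sample; the function name `summarize` and the sample addresses are hypothetical.

```python
import sys
from collections import Counter

# Constructed sample in the 2.4-era /proc/net/ip_conntrack line layout
# (assumed layout, documentation addresses; these lines are not from the thread).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=1025 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=1025 [ASSURED] use=1
tcp      6 110 SYN_SENT src=192.0.2.66 dst=203.0.113.1 sport=3001 dport=80 [UNREPLIED] src=203.0.113.1 dst=192.0.2.66 sport=80 dport=3001 use=1
tcp      6 112 SYN_SENT src=192.0.2.66 dst=203.0.113.2 sport=3002 dport=80 [UNREPLIED] src=203.0.113.2 dst=192.0.2.66 sport=80 dport=3002 use=1
tcp      6 115 SYN_SENT src=192.0.2.66 dst=203.0.113.3 sport=3003 dport=80 [UNREPLIED] src=203.0.113.3 dst=192.0.2.66 sport=80 dport=3003 use=1
udp      17 25 src=192.0.2.20 dst=192.0.2.255 sport=137 dport=137 [UNREPLIED] src=192.0.2.255 dst=192.0.2.20 sport=137 dport=137 use=1
"""


def summarize(lines):
    """Count entries by (protocol, state), by flag, and by UNREPLIED origin."""
    states, flags = Counter(), Counter()
    unreplied_src, unreplied_dport = Counter(), Counter()
    for line in lines:
        f = line.split()
        if len(f) < 4:
            continue
        proto = f[0]
        # Only TCP carries a state word; other protocols go straight to src=.
        state = f[3] if "=" not in f[3] else "-"
        states[(proto, state)] += 1
        orig = {}  # first occurrence of each key belongs to the original direction
        for tok in f[3:]:
            if tok.startswith("["):
                flags[tok.strip("[]")] += 1
            elif "=" in tok:
                key, val = tok.split("=", 1)
                orig.setdefault(key, val)
        if "[UNREPLIED]" in f:
            unreplied_src[orig.get("src", "?")] += 1
            unreplied_dport[(proto, orig.get("dport", "-"))] += 1
    return states, flags, unreplied_src, unreplied_dport


if __name__ == "__main__":
    # Pass /proc/net/ip_conntrack as the argument on a live box; else use SAMPLE.
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    states, flags, srcs, dports = summarize(src)
    for title, counter in (("proto/state", states), ("flags", flags),
                           ("UNREPLIED by source", srcs),
                           ("UNREPLIED by proto/dport", dports)):
        print(title)
        for key, n in counter.most_common(10):
            print(f"  {n:6d}  {key}")
```

A table dominated by UNREPLIED SYN_SENT entries from a handful of sources toward one destination port points at scanning hosts rather than at a conntrack bug.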