From: Phil Oester <kernel@linuxace.com>
To: Thomas Jarosch <thomas.jarosch@intra2net.com>
Cc: netfilter-devel <netfilter-devel@lists.netfilter.org>
Subject: Re: ip_conntrack table full problem
Date: Mon, 21 Mar 2005 10:08:12 -0800
Message-ID: <20050321180812.GA14954@linuxace.com>
In-Reply-To: <200503211803.18918.thomas.jarosch@intra2net.com>

On Mon, Mar 21, 2005 at 06:03:18PM +0100, Thomas Jarosch wrote:
> > Yes, you're leaking conntracks somewhere. Any possibility of testing
> > a somewhat newer kernel than 2.4.21? This may have already been
> > fixed.
>
> Thank you for your response.
> Unfortunately I cannot update to a newer kernel soon.
>
> Would it be possible to dump the internal conntrack tables
> once the error occurs? Then we would at least know what
> is filling the table up. Is there some kind of debug macro
> I could add before the printk("conntrack table full") code?

No easy way. Last week I posted a patch which would have made
this possible by creating a 'cleaned' list, but since you cannot
upgrade kernels, you could not use this anyway.

> Or a more aggressive solution:
> Flush the complete conntrack table once the error occurs.
> This would kill all running connections, but the machine
> would still be reachable afterwards.

Even if conntrack were modular, you would be unable to unload
it (see the thread referenced above).

> Any other ideas?

I'm still studying the root cause and have narrowed it down
somewhat, but no patch yet.

> I'll try to reproduce the problem in a test environment,
> but it will be hard to narrow the cause down.

What's the traffic pattern on this box? In my testing I've
never seen such high rates of leakage.

Phil