From: "Cilliè Burger" <security@sadomain.co.za>
To: netfilter@lists.netfilter.org
Subject: Memory problem
Date: Thu, 03 Jul 2003 09:53:19 +0000
Message-ID: <3F03FD0F.5070509@sadomain.co.za>
Hi Everyone
I was wondering if anyone has a solution to this problem.
I have the following box that sits between our router and switch:
Pentium 200, 64 Mbyte RAM, Linux version 2.4.18-3
(bhcompile@stripples.devel.redhat.com)
(gcc version 2.96 20000731 (Red Hat Linux 7.3 2.96-110)), iptables v1.2.5
I almost never reboot this box, but lately I have noticed a dramatic
increase in memory consumption.
I start out on bootup with about 40 MB or so free and in a week's time
it's down to about 800KB.
When iptables is restarted and the rules flushed and reloaded I reclaim
about 6024 KB, which then gradually
decreases back to about a meg in a 16 hour period.
I run about 400 rules on this box and ipt_conntrack_max is set at 4096.
I do want to add more memory to the box, but I have this strange feeling
that it will just consume all of that as well until
it reaches some kind of lower limit on allowable free memory.
Unfortunately I am not sure of how to count the number of simultaneous
connections,
but since we run a few mail and web-servers and also a few busy dns servers,
I estimate that there are about 300 connections per second.
My questions, if anyone has paid attention thus far :)
Why does iptables consume so much memory?
Why does iptables appear to lose so much memory? When regarding this
question, consider the following:
On reboot and before loading of rules there is about 40 MB free ram.
After loading the rules, and about two weeks uptime
there is about 800KB of free memory. After flushing the rules, there's
only 6024 KB free.
Is there a slight possibility that this may be due to a memory leak of
some sort?
Thanks in advance for your help. Keep up the good work Netfilter.
Regards,
Cilliè Burger
SA-DOMAIN Internet Services
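
The message says the poster is not sure how to count simultaneous connections. The following is an added example, not part of the original message and not netfilter project code: it counts entries in a connection-tracking table dump and compares the total with the 4096 limit the message mentions. The `/proc/net/ip_conntrack` path (the 2.4-era location), the function names and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Summarise a conntrack table in the /proc/net/ip_conntrack text format.
# Assumption: one tracked connection per line, protocol name in field 1,
# and for TCP the connection state in field 4.

# Constructed sample table (documentation addresses, not real traffic).
conntrack_sample() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.25 sport=1025 dport=25 src=198.51.100.25 dst=192.0.2.10 sport=25 dport=1025 [ASSURED] use=1
tcp      6 118 TIME_WAIT src=192.0.2.11 dst=198.51.100.80 sport=1026 dport=80 src=198.51.100.80 dst=192.0.2.11 sport=80 dport=1026 [ASSURED] use=1
tcp      6 431000 ESTABLISHED src=192.0.2.13 dst=198.51.100.80 sport=1030 dport=80 src=198.51.100.80 dst=192.0.2.13 sport=80 dport=1030 [ASSURED] use=1
udp      17 28 src=192.0.2.12 dst=198.51.100.53 sport=1027 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.12 sport=53 dport=1027 use=1
EOF
}

# conntrack_total [FILE]: number of tracked connections.
conntrack_total() {
    awk 'NF { n++ } END { print n + 0 }' "${1:-/proc/net/ip_conntrack}"
}

# conntrack_by_state [FILE]: "proto state count" per line, sorted.
# Only TCP lines carry a state; other protocols are reported as "-".
conntrack_by_state() {
    awk 'NF {
            state = ($1 == "tcp") ? $4 : "-"
            c[$1 " " state]++
         }
         END { for (k in c) print k, c[k] }' "${1:-/proc/net/ip_conntrack}" |
        LC_ALL=C sort
}

# conntrack_usage [FILE] [MAX]: integer percentage of the table limit in use.
# MAX defaults to 4096, the limit quoted in the message.
conntrack_usage() {
    total=$(conntrack_total "$1")
    echo $(( total * 100 / ${2:-4096} ))
}

# Demo on the constructed sample; on a live box, call the functions
# without a file argument to read /proc/net/ip_conntrack instead.
sample=$(mktemp)
conntrack_sample > "$sample"
echo "tracked: $(conntrack_total "$sample") of 4096 ($(conntrack_usage "$sample")%)"
conntrack_by_state "$sample"
rm -f "$sample"
```

Sampling the total at intervals shows whether the table is approaching its limit or staying flat while free memory falls.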