Re: Conntrack full, but not really

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Krystian <optimusprime@o2.pl>
Cc: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: Conntrack full, but not really
Date: Thu, 25 Mar 2004 11:30:40 +0100	[thread overview]
Message-ID: <4062B4D0.5080701@o2.pl> (raw)
In-Reply-To: <1080191858.12362.80.camel@raylinux.internal>

Ray Leach wrote:

>On Thu, 2004-03-25 at 00:57, Stephen Smoogen wrote:
>  
>
>>On Wed, 2004-03-24 at 14:13, Pierre Ossman wrote:
>>    
>>
>>>Hi!
>>>
>>>I'm having the standard problem of the connection tracker running out of 
>>>space, but this time with a twist. If I check how many connections it is 
>>>currently tracking it is nowhere near the upper limit. I've searched 
>>>through the archives and haven't found anything like this.
>>>
>>>The machine is a P-2 333 MHz with 96 MB of RAM doing nothing but 
>>>routing. It's running Red Hat 9 with kernel 2.4.20-28.9 (although the 
>>>problem exists with other Red Hat kernels). The problem appears after 
>>>about a month of uptime. After that the machine needs to be rebooted to 
>>>recover (flushing out the connection tracker might work aswell but that 
>>>doesn't really make the problem less severe).
>>>
>>>      
>>>
>>The problem is with a conntrack patch that Red Hat is including from an
>>old Alan Cox tree. It seems to leak memory somewhere so that if you look
>>in /proc/net/ip_conntrack it is 'empty' but if you look at
>>/proc/slabinfo it is full. 
>>
>>The problem can show up pretty quickly if the ip_conntrack_ftp is loaded
>>on a heavy server. My fix has been to get a 2.4.25 kernel and compile it
>>as an RPM and use it. 
>>
>>Beyond that, maybe RH will offer a fixed kernel for RHL-9, but I am
>>doubting it.
>>    
>>
>
>Yeah, and if they don't just switch to SuSE ;-)
>
>  
>
Fedora :)

     prev parent reply	other threads:[~2004-03-25 10:30 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-03-24 21:13 Conntrack full, but not really Pierre Ossman
2004-03-24 22:57 ` Stephen Smoogen
2004-03-25  5:17   ` Ray Leach
2004-03-25 10:30     ` Krystian [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4062B4D0.5080701@o2.pl \
    --to=optimusprime@o2.pl \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.