From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matt Ayres Subject: Re: Hard lock of server - saved history from serial consolewithin Date: Wed, 19 Apr 2006 19:26:00 -0400 Message-ID: <4446C708.4070802@tektonic.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Ian Pratt Cc: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org Ian Pratt wrote: >> Yes, an iptable rule for each IP for bandwidth accounting. >> Also 4 rules in the raw table and 4 rules in the nat table >> for port redirection. I don't see how the actual iptables >> rules could effect the kernel though. > > (!) iptables causes big changes to the way packets pass through the > kernel. > > In particular, it sounds like you may be using connection tracking for > NAT. There were lots of changes in this area for 2.6.16, one of which > broke bridging for large UDP and ICMP datagrams. > > Seeing what iptables modules you have loaded may be interesting. It > doesn't look much like a xen issue, but I wouldn't totally rule it out. Most all are compiled in. I do use connection tracking. I doubt it is a Xen problem anymore. I am upgrading all kernels to 2.6.16.9 to see if that fixes it. If not I'll have to try 2.6.17-rcX (whatever is the latest). I tried applying it and got many rejects so I don't know how advanced of a kernel hacker I'd have to be to get that working. Thanks, Matt