Re: iptables: Resource temporarily unavailable.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jan Kasprzak <kas@fi.muni.cz>, netfilter-devel@vger.kernel.org
Subject: Re: iptables: Resource temporarily unavailable.
Date: Thu, 11 Nov 2010 16:57:23 +0100	[thread overview]
Message-ID: <4CDC1263.8070206@trash.net> (raw)
In-Reply-To: <1289489728.17691.1331.camel@edumazet-laptop>

Am 11.11.2010 16:35, schrieb Eric Dumazet:
> Le jeudi 11 novembre 2010 à 16:00 +0100, Jan Kasprzak a écrit :
>> 	Hello,
>>
>> I have a iptables-based firewall with ~1200 IPv4 and ~950 IPv6 rules.
>> When I want to reload its configuration, I often get "Resource temporarily
>> unavailable" error from iptables.
>>
>> I have a HA setup with two servers, and the error more often happens on
>> a server with four cores and 2 GB of RAM than on a server with two cores
>> and 4 GB of RAM.
>>
>> I have added a band-aid fix to my startup script - sleeping for one second
>> and trying again when the error code from iptables is 4, and it apparently
>> helps. But the error messages from the startup script are still a bit ugly.
>> What else can I do in order to fix the problem?
> 
> Hi
> 
> Please provide 
> 
> cat /proc/meminfo
> 
> Also please apply this patch :
> 
> http://git2.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=6b1686a71e3158d3c5f125260effce171cc7852b

This problem is usually caused by manipulating the ruleset from multiple
iptables instances concurrently.

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2010-11-11 15:57 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-11-11 15:00 iptables: Resource temporarily unavailable Jan Kasprzak
2010-11-11 15:35 ` Eric Dumazet
2010-11-11 15:57   ` Patrick McHardy [this message]
2010-11-11 17:25     ` Jan Kasprzak
2010-11-11 17:58       ` Eric Dumazet
2010-11-11 18:03         ` Jan Kasprzak
2010-11-11 18:10           ` Michał Mirosław
2010-11-11 18:20           ` Eric Dumazet
2010-11-12  7:38             ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4CDC1263.8070206@trash.net \
    --to=kaber@trash.net \
    --cc=eric.dumazet@gmail.com \
    --cc=kas@fi.muni.cz \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.