public inbox for linux-kernel@vger.kernel.org
* ip_conntrack: maximum limit of 16368 entries exceeded
@ 2001-01-16  6:48 rtviado
  2001-01-16 13:44 ` Sven Koch
  2001-01-17  2:13 ` Rusty Russell
  0 siblings, 2 replies; 3+ messages in thread
From: rtviado @ 2001-01-16  6:48 UTC (permalink / raw)
  To: linux-kernel



Hello,

I got this in my logs:

 ip_conntrack: maximum limit of 16368 entries exceeded

What does this mean? I know I can change the limits in
/proc/sys/net/ipv4/ip_conntrack_max, but I want to know what this is for.

P.S. I looked into linux/Documentation but did not find any mention of
this configurable parameter....


-- 
Rodel T. Viado
System Administrator
Iligan Global Access Network Inc.





-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/


* Re: ip_conntrack: maximum limit of 16368 entries exceeded
  2001-01-16  6:48 ip_conntrack: maximum limit of 16368 entries exceeded rtviado
@ 2001-01-16 13:44 ` Sven Koch
  2001-01-17  2:13 ` Rusty Russell
  1 sibling, 0 replies; 3+ messages in thread
From: Sven Koch @ 2001-01-16 13:44 UTC (permalink / raw)
  To: rtviado; +Cc: linux-kernel

On Tue, 16 Jan 2001, rtviado wrote:

> I got this in my logs:
>
>  ip_conntrack: maximum limit of 16368 entries exceeded
>
> What does this mean? I know I can change the limits in
> /proc/sys/net/ipv4/ip_conntrack_max, but I want to know what this is for.

This means that iptables is tracking more than 16368 parallel connections.
Either a very busy box or some spoofed flooding.

> P.S. I looked into linux/Documentation but did not find any mention of
> this configurable parameter....

See http://netfilter.kernelnotes.org/ - seems that the in-kernel documents
are not up to date

c'ya
sven

-- 

The Internet treats censorship as a routing problem, and routes around it.
(John Gilmore on http://www.cygnus.com/~gnu/)


* Re: ip_conntrack: maximum limit of 16368 entries exceeded
  2001-01-16  6:48 ip_conntrack: maximum limit of 16368 entries exceeded rtviado
  2001-01-16 13:44 ` Sven Koch
@ 2001-01-17  2:13 ` Rusty Russell
  1 sibling, 0 replies; 3+ messages in thread
From: Rusty Russell @ 2001-01-17  2:13 UTC (permalink / raw)
  To: rtviado; +Cc: linux-kernel

In message <Pine.LNX.4.30.0101161444450.24215-100000@bigbird-ipgi.iligan.com> you write:
> I got this in my logs:
> 
>  ip_conntrack: maximum limit of 16368 entries exceeded

It's OK, it just means that you have *a lot* of connections going
through your box (or maybe you don't route both ways through your box,
which you need to do for connection tracking to work).  We have to be
slow in timing out connections, but when the limit gets hit, we get
more aggressive: the algo's pretty good, so you probably won't notice
any problems.

Cheers,
Rusty.
--
http://linux.conf.au The Linux conference Australia needed.
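
Added example, not part of the thread or of the netfilter code: a triage of the connection table when this message shows up, counting how full it is and how many entries never saw a reply, which is what both spoofed flooding and one-way routing through the box leave behind. It assumes the table is read from /proc/net/ip_conntrack in that file's usual line format (not shown in the thread); the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample. Assumption: legacy /proc/net/ip_conntrack line format,
# original-direction tuple first, reply-direction tuple second.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=10.0.0.5 dst=192.0.2.10 sport=40112 dport=80 src=192.0.2.10 dst=10.0.0.5 sport=80 dport=40112 [ASSURED] use=1
tcp      6 110 SYN_SENT src=198.51.100.7 dst=192.0.2.10 sport=1025 dport=80 [UNREPLIED] src=192.0.2.10 dst=198.51.100.7 sport=80 dport=1025 use=1
tcp      6 108 SYN_SENT src=198.51.100.8 dst=192.0.2.10 sport=1026 dport=80 [UNREPLIED] src=192.0.2.10 dst=198.51.100.8 sport=80 dport=1026 use=1
tcp      6 105 SYN_SENT src=198.51.100.9 dst=192.0.2.10 sport=1027 dport=80 [UNREPLIED] src=192.0.2.10 dst=198.51.100.9 sport=80 dport=1027 use=1
udp      17 25 src=10.0.0.5 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=10.0.0.5 sport=53 dport=5353 use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")
FLAG = re.compile(r"\[(\w+)\]")


def parse_entry(line):
    """Return (protocol, flag set, original-direction tuple) for one line."""
    proto = line.split()[0]
    flags = set(FLAG.findall(line))
    orig = {}
    for key, value in FIELD.findall(line):
        orig.setdefault(key, value)  # first occurrence is the original direction
    return proto, flags, orig


def summarize(table_text, limit=16368):
    """Summarize table fill and unreplied entries against ip_conntrack_max."""
    entries = [parse_entry(l) for l in table_text.splitlines() if l.strip()]
    unreplied = [e for e in entries if "UNREPLIED" in e[1]]
    targets = Counter((e[2].get("dst"), e[2].get("dport")) for e in unreplied)
    return {
        "entries": len(entries),
        "fill": len(entries) / limit,
        "assured": sum("ASSURED" in e[1] for e in entries),
        "unreplied": len(unreplied),
        # Many unreplied entries aimed at one service, from many sources,
        # points at flooding or at replies that bypass this box.
        "top_unreplied_target": targets.most_common(1),
        "unreplied_sources": len({e[2].get("src") for e in unreplied}),
    }


if __name__ == "__main__":
    for name, value in summarize(SAMPLE).items():
        print(f"{name}: {value}")
```

On a live box, pass the contents of /proc/net/ip_conntrack and the integer read from /proc/sys/net/ipv4/ip_conntrack_max instead of the sample and the default limit.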