netdev.vger.kernel.org archive mirror
From: Stephen Jones <hivemynd@hivemynd.net>
To: Patrick McHardy <kaber@trash.net>
Cc: Andrew Morton <akpm@osdl.org>,
	netdev@vger.kernel.org, "J.A. Magallon" <jamagallon@able.es>,
	Netfilter Development Mailinglist
	<netfilter-devel@lists.netfilter.org>,
	linux-kernel@vger.kernel.org
Subject: Re: iptables bug
Date: Tue, 21 Jun 2005 14:21:48 -0500
Message-ID: <42B868CC.1010008@hivemynd.net>
In-Reply-To: <42B753A8.5050808@trash.net>

Patrick McHardy wrote:
> Andrew Morton wrote:
> 
>>"J.A. Magallon" <jamagallon@able.es> wrote:
>>
>>
>>>Are there any known problems with iptables ?
> 
> 
> No known problems.
> 
> 
>>>I see strange things.
>>>When I use bittorrent (azureus or bittorrent-gui), at the same time as
>>>iptables (for nat and internet access for my ibook), when I stop a download
>>>or exit from one of these apps my external network goes down.
>>>I have tried the same without iptables loaded and it works fine.

I have observed this behavior on multiple machines, but I don't think it 
is specifically an iptables "bug" or kernel "bug".  Most of my 
experience is with 2.4.x kernels, so I can't remark about the 2.6.x series.

The original poster didn't give enough info for me to correlate anything 
with conviction, but, consulting the tea leaves :D I would venture to 
guess that the machine that has the network "go down" has less than 128 
MB of RAM and is probably running lower end NICs (i.e. 8139too).

There appear to be two or three issues interacting with one another in 
these scenarios:

a.) The various Bit Torrent clients and their ilk can generate a 
staggering number of concurrent connections.  This can quickly fill the 
conntracks on machines with little RAM and cause problems.

b.) The lower end NICs (either the hardware itself, or the drivers, I 
don't know enough about how to isolate the two) do not appear to be able 
to handle the massive number of interrupts that are generated in this 
scenario.

c.) The problem is more likely to manifest on "fat pipe" connections (6 
MB +)

I would also wager the problem goes away if the torrent clients are shut 
down.

I would look there, if I had the skills required to tease out anything 
useful :D

Various Linux-based firewall forums have posts describing the same 
behavior as the OP of this thread.

Here is one relatively recent example:

http://community.smoothwall.org/forum/viewtopic.php?p=43812#43812

I hope that helps in some way!

> 
> 
> What exactly do you mean with "network goes down"? Can you find out
> where the packets disappear? Do they silently disappear, or do you get
> an error code from sendmsg? What about received packets?
> 
> Regards
> Patrick
> 
> 
> 

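One way to test hypothesis (a) above, that the connection tracking table fills up: an added example, not part of the original message, that compares the conntrack entry count with its maximum and counts "table full, dropping packet" kernel log lines. The function names, file layout and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): is the conntrack table the bottleneck?
# File paths are arguments so the check also runs on saved copies. On a live
# current kernel they would be /proc/sys/net/netfilter/nf_conntrack_count,
# /proc/sys/net/netfilter/nf_conntrack_max and a kernel log dump (assumption:
# kernels of the thread's era used ip_conntrack names instead).

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Print table usage as an integer percentage; return 2 on unusable input.
conntrack_usage_pct() {
    count=$(cat "$1" 2>/dev/null) || return 2
    max=$(cat "$2" 2>/dev/null) || return 2
    is_uint "$count" && is_uint "$max" && [ "$max" -gt 0 ] || return 2
    echo $(( count * 100 / max ))
}

# Count kernel log lines reporting drops because the table was full.
# Matches the ip_conntrack (older) and nf_conntrack (newer) message prefixes.
count_table_full() {
    grep -c -E '(ip|nf)_conntrack: table full, dropping packet' "$1" 2>/dev/null || :
}

# Classify: exhausted (drops logged), near-limit (>= threshold %), ok, unknown.
# $1 count file, $2 max file, $3 kernel log file, $4 threshold (default 80)
conntrack_verdict() {
    pct=$(conntrack_usage_pct "$1" "$2") || { echo unknown; return 0; }
    drops=$(count_table_full "$3")
    if [ "${drops:-0}" -gt 0 ]; then echo "exhausted pct=$pct drops=$drops"
    elif [ "$pct" -ge "${4:-80}" ]; then echo "near-limit pct=$pct drops=0"
    else echo "ok pct=$pct drops=0"
    fi
}

# Constructed sample data: a small table almost full plus two drop messages.
make_sample() {
    d=$(mktemp -d) || return 1
    echo 8100 > "$d/count"; echo 8192 > "$d/max"
    cat > "$d/kern.log" <<'EOF'
Jun 21 14:02:11 fw kernel: ip_conntrack: table full, dropping packet.
Jun 21 14:02:11 fw kernel: eth0: link up
Jun 21 14:02:16 fw kernel: ip_conntrack: table full, dropping packet.
EOF
    echo "$d"
}

d=$(make_sample) && conntrack_verdict "$d/count" "$d/max" "$d/kern.log"
rm -rf "$d"
```

An "exhausted" verdict means new flows were being dropped by connection tracking itself, which separates hypothesis (a) from the NIC and interrupt load in (b).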