From: c0g <c0g@wp.pl>
To: Maciej Soltysiak <solt@dns.toxicfilms.tv>
Cc: netfilter@lists.netfilter.org
Subject: Re: "ip_conntrack_core: Frag of proto 17." error and memory leak?
Date: Wed, 17 Sep 2003 16:22:38 +0200 [thread overview]
Message-ID: <3F686E2E.4080100@wp.pl> (raw)
In-Reply-To: <Pine.LNX.4.51.0309161003230.13452@dns.toxicfilms.tv>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
| How about investigating why are you getting fragments ? Maybe you can
| eliminate the problem by avoiding fragmentation.
I tcpdumped it. It seems it is big syslog messages generated by one of
my hosts which don't fit in one packet. Syslog uses udp, so it fragment
these packets. And there are some minor fragmented udp packets from
users (perhaps some p2p program generates them).
| Anyway, as I remember the conntrack mechanism assembles fragments for
| connection tracking purposes, thus it's denoted as /* Never happen */
| Maybe you are being flooded, and the conntrack mechanism sees, something
| like new fragmented UDP packets that cannot be assembled. Run iptraf,
| tcpdump, snort or whatever you wish.
It is strange. These messages are logged even if fragments rate (sniffed
with tcpdump) is very low. It doesn't look like messages are indicating
fragments flood.
| This could explain the memleak: conntrack reserves memory for each udp
| fragment and hopes to assemble it, which never happens. I guess that
| this should be free'd at some point, after failing to assemble the data,
| but I am not sure.
I investigated it more deeply - log messages and memory leaks don't
correlate. The first happens in other time than second. Sorry for bad hint.
I was supposing these "leaks", because my box was hanging every day. I
replaced hardware and it stopped.
RAM "jumps" still happen. But now, when box uptime is > 1day I see RAM
returns to norm, some time after "leak". I spend long time tracking it,
and I know only one: RAM is not eaten by processes for sure. But
increased process activity triggers RAM leak (and I know - increased
process activity triggers cache and buffers grow, but I substracted
these in my tests). After processes end, there is fewer RAM than before.
But this problem appears now to be a little offtopic.
And now, when my box isn't hanging such frequently it isn't so important ;-)
Greets!
- --
c0g@wp.pl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/aG4tPqmVt5WhbA8RAkJnAJ9snfyKYWJeyXnv9i7WJqFvBacUSQCeNpZt
s9XiHzavRoLQK7AEiSk6lA8=
=cz2P
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2003-09-17 14:22 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-15 16:43 "ip_conntrack_core: Frag of proto 17." error and memory leak? c0g
2003-09-16 8:19 ` Maciej Soltysiak
2003-09-17 14:22 ` c0g [this message]
2003-09-17 16:56 ` Maciej Soltysiak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3F686E2E.4080100@wp.pl \
--to=c0g@wp.pl \
--cc=netfilter@lists.netfilter.org \
--cc=solt@dns.toxicfilms.tv \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox