On Mon, Feb 15, 2010 at 2:10 PM, Afi Gjermund <afigjermund@xxxxxxxxx> wrote:
> On Mon, Feb 15, 2010 at 2:02 PM, Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote:
>> On Monday, 15 February 2010 at 14:00 -0800, Afi Gjermund wrote:
>>> On Mon, Feb 15, 2010 at 1:52 PM, Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote:
>>> > On Monday, 15 February 2010 at 13:08 -0800, Afi Gjermund wrote:
>>> >> >
>>> >> On my 2.6.26.5 kernel I do not have CONFIG_NAMESPACES set.
>>> >
>>> > could you post the result of 'netstat -s' ?
>>> >
>>>
>>> Unfortunately the Busybox version of netstat doesn't have the statistics option.
>>
>> ok then :)
>>
>> cat /proc/net/snmp
>>
>
> Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
> Ip: 2 64 137517215 0 33726 0 0 0 136714167 151150681 186 53 0 0 0 0 0 0 0
> Icmp: InMsgs InErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
> Icmp: 35 0 35 0 0 0 0 0 0 0 0 0 0 437 0 437 0 0 0 0 0 0 0 0 0 0
> IcmpMsg: InType3 OutType3
> IcmpMsg: 35 437
> Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts
> Tcp: 1 200 120000 -1 0 139 0 80 0 17587 19167 63 0 11984
> Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
> Udp: 136619682 437 0 151131067 0 0
> UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
> UdpLite: 0 0 0 0 0 0
>

I am still trying to figure out why the nf_conntrack_count differs from the table system. I decided I would use the conntrack userspace tools.
Both of my NICs are unplugged with no other userspace applications running to affect connection tracking counts.

root@titan ~# date
Thu Feb 18 17:35:21 UTC 2010
root@titan ~# ./conntrack -C conntrack
351
root@titan ~# date
Thu Feb 18 17:35:24 UTC 2010
root@titan ~# ./conntrack -F conntrack
conntrack v0.9.14 (conntrack-tools): connection tracking table has been emptied.
root@titan ~# date
Thu Feb 18 17:35:31 UTC 2010
root@titan ~# ./conntrack -C conntrack
351
root@titan ~# date
Thu Feb 18 17:35:36 UTC 2010

Shouldn't the value after the flush be 0?

The traffic that has created this mess is from a REDIRECT rule in the PREROUTING chain of the 'nat' table.