Le 09/02/2012 20:39, Pablo Neira Ayuso a écrit :
On Thu, Feb 09, 2012 at 05:11:40PM +0100, Jean-Philippe Menil wrote:
Le 09/02/2012 16:57, Pablo Neira Ayuso a écrit :
On Wed, Feb 08, 2012 at 03:45:21PM +0100, Jean-Philippe Menil wrote:
Hi,
I'm seeing bug in a host with a 3.2.1 kernel.
This host is running both kvm and lxc guest.
It seems that it happened just after the restart of a lxc guest.
However, it doesn't seem to affect any guest.
I was just wondering if this was problematic, and if so, what should
I do to debug this further.
Could you provide more information on your setup? Is it using
conntrackd or anything you think it can be relevant to this bug.
It can make it easier for us to know what's wrong with this.
Hi,
the server hosts two kvm guest (one firewall running contrackd, one
captive portal) and a lxc guest (running squid).
This setup remain unchanged for month, except the kernel (reboot
with a 3.2.1 one week ago).
Is conntrackd running with NetlinkEventsReliable On?
Hi,
No, the NetlinkEventsReliable is commented in the configuration file.
However, on the same hosts, i see strange things:
ths host boot with the following parameter:
net.netfilter.nf_conntrack_max=262144
net.netfilter.nf_conntrack_tcp_timeout_established=10800
nf_conntrack is loaded with the following parameter:
options nf_conntrack hashsize=262144
But it seems that the nf_conntrack_max reset to his default value
(65536) periodically.
Three days ago, i manually increase the nf_conntrack_max to 262144,
yesterday i see plenty of "nf_conntrack: table full, dropping packet".
checking the value, is fall down to 65536.
It's maybe not related, but i can't understand how the value can change?
Regards.
--
Jean-Philippe Menil - Pôle réseau Service IRTS
DSI Université de Nantes
jean-philippe.menil@xxxxxxxxxxxxxx
Tel : 02.53.48.49.27 - Fax : 02.53.48.49.09
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
