Hello
On Tue, Jan 14, 2003 at 02:43:45PM +0100, Filip Sneppe wrote:
> On Tue, 2003-01-14 at 13:12, Christian Hammers wrote:
> > I had ipt_conntrack.o loaded (see last mail) and then removed. But still
> > my /proc/net/ip_conntrack got filled up.
> > Then I did "echo '10000' > /proc/sys/net/ipv4/ip_conntrack_max" and it
> > still raised.
> > Now, after waiting 10min or so the values are slightly falling (I had
> > fear that it crashed when reaching 0xffff)..
> >
> > Are the first two events signs for a bug or is it expected behaviour
> > that somehow the conntrack code remains in the kernel even if the module
> > has been removed?
>
> You sure it's not due to a typo ? It's ip_conntrack.o, not
> ipt_conntrack. After an rmmod, what does lsmod say ?
Ok, that was just a typo while writing the mail. I always checked with
lsmod as user root. Currently:
/home/ch# lsmod
Module Size Used by Not tainted
ipt_LOG 3200 2 (autoclean)
iptable_filter 1760 1 (autoclean)
ip_tables 13184 2 [ipt_LOG iptable_filter]
dummy 1088 1
eepro100 18444 3
mii 2320 0 [eepro100]
unix 13892 14 (autoclean)
> About the high nuber of tracked connections, are you
> talking about /proc/net/ip_conntrack ?
Yes. As wrote in my previous mail (should have written it here, too),
this router does asymetric routing, i.e. the packets for a connection
come in over it but the answer packets go out via another router.
So it will almost never see a real 3way tcp handshake or the like.
Fitting to this explanation, the kind of traffic in the
/proc/net/ip_conntrack is 99.9% "UNREPLIED" but apart from that
absolutely normal traffic (mostly port 80 and usual IPs).
> Regards,
> Filip
bye,
-christian-
--
Christian Hammers WESTEND GmbH | Internet-Business-Provider
Technik CISCO Systems Partner - Authorized Reseller
Lütticher Strasse 10 Tel 0241/701333-11
ch@westend.com D-52064 Aachen Fax 0241/911879
