strange phenomena about ip_conntrack


 



Hi all,
 
I'm a newbie to netfilter. I have a problem with it. I think it may have some bugs.
 
A month ago my gateway, using linux2.4-7-10, could not forward any packets because its conntrack table was full; it displayed "ip_conntrack: table full, dropping packet.". The memory of the gateway is 256M.
After that I did an experiment on it.
 
I set the variable hash_size to 20; then the variable ip_conntrack_max should be 160.
I adjusted the TCP timeout on established to 1 hour, and decreased the UDP timeout to 1/3 of its original value.
I prevented broadcast packets from leaving a track in the conntrack table by changing the condition '#if 0' to '#if 1' in the header of the function ip_conntrack_in.
I print the value of ip_conntrack_count in the header of the function init_conntrack.
 
After 2 days, the conntrack table was full; /var/log/messages displayed that ip_conntrack_count was 167, and /proc/net/ip_conntrack was empty.
 
Why?! Why is ip_conntrack_count bigger than ip_conntrack_max?
Why is /proc/net/ip_conntrack empty?
How can this occur?
 
Who can help me?
 
Thanks in advance!
