Re: "ip_conntrack_core: Frag of proto 17." error and memory leak?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

| How about investigating why are you getting fragments ? Maybe you can
| eliminate the problem by avoiding fragmentation.

I tcpdumped it. It seems it is big syslog messages generated by one of
my hosts which don't fit in one packet. Syslog uses UDP, so it fragments
these packets. And there are some minor fragmented UDP packets from
users (perhaps some p2p program generates them).

| Anyway, as I remember the conntrack mechanism assembles fragments for
| connection tracking purposes, thus it's denoted as /* Never happen */
| Maybe you are being flooded, and the conntrack mechanism sees, something
| like new fragmented UDP packets that cannot be assembled. Run iptraf,
| tcpdump, snort or whatever you wish.

It is strange. These messages are logged even if the fragment rate (sniffed
with tcpdump) is very low. It doesn't look like the messages are indicating
a fragment flood.

| This could explain the memleak: conntrack reserves memory for each udp
| fragment and hopes to assemble it, which never happens. I guess that
| this should be free'd at some point, after failing to assemble the data,
| but I am not sure.

I investigated it more deeply - log messages and memory leaks don't
correlate. The first happens at a different time than the second. Sorry for the bad hint.
I was supposing these "leaks" because my box was hanging every day. I
replaced the hardware and it stopped.
RAM "jumps" still happen. But now, when box uptime is > 1 day, I see RAM
return to normal some time after a "leak". I spent a long time tracking it,
and I know only one thing: RAM is not eaten by processes for sure. But
increased process activity triggers the RAM leak (and I know - increased
process activity triggers cache and buffer growth, but I subtracted
these in my tests). After the processes end, there is less RAM than before.

But this problem now appears to be a little off-topic.
And now, when my box isn't hanging so frequently, it isn't so important ;-)

Greets!

- --
c0g@xxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/aG4tPqmVt5WhbA8RAkJnAJ9snfyKYWJeyXnv9i7WJqFvBacUSQCeNpZt
s9XiHzavRoLQK7AEiSk6lA8=
=cz2P
-----END PGP SIGNATURE-----


