Alistair & All, I believe /proc/slabinfo gives # of conntracks being used, in my tests I usually find slabinfo number is same as number of entries in /proc/net/ip_conntrack. But, after 18hrs or so the number in /proc/slabinfo reaches maximum and box starts refusing connections, /proc/net/ip_conntrack show 20 to 30 entries, I hear /proc/net/ip_conntrack is unreliable and broken. Anyway, I guess I have to dig into the code. Thanks, -Kishore -----Original Message----- From: Alistair Tonner [mailto:Alistair@xxxxxxxxxx] Sent: Sunday, November 09, 2003 4:40 PM To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: Re: Memory leaks in ip_conntrack? Actually Anthony I'm inclined to agree with you .. I was just pointing out that the assumption that the count in /proc/slabinfo (ip_conntrack) is an indication of the count in /proc/net/ipv4/ip_conntrack is completely incorrect. i.e. the two counters are keeping track of dfferent things. I'm curious myself (as to what is causing this gent's problem) as there have been so many queries on this subject lately, and as I pointed out to Oskar we *really* are starting to need a FAQ on this. i.e. -- if you think this is a problem, here's best how to determine if iptables is causing memory issues on your system. Frequenly folks are implementing iptables and don't understand linux memory management schema and the affects it has on what they see on their screens. Not that I'm complaining, ... Its good learning for me as I try to diagnose the issue on my system, but it might make new users lives easier if we had the info out there to start with. Alistair Tonner nerdnet.ca Senior Systems Analyst - RSS Any sufficiently advanced technology will have the appearance of magic. Lets get magical!
