I am working on tracking down a 'leak' in ip_conntrack_ftp in the RHL 7.x kernels that we are seeing on several FTP servers. The leak seems to occur with some servers that have automated cron jobs that get updates every hour. What happens is that as time goes on, we see a larger disconnect between /proc/slabinfo and /proc/net/ip_conntrack. ip_conntrack will state that it has only 2-4 entries in it, but the kernel will state that it has run out of entries and looking at the /proc/slabinfo we see it has filled up and isnt releasing any entries. By various testing of putting all the rules to ACCEPT and keeping the modules in, and then removing a module at a time, I have gotten it down to something in the ip_conntrack_ftp. Having the module in the system will eat up the standard number of entries within 20 hours. I am trying to figure out where to proceed next in order to help fix: 1) Try a recompiled kernel with POM-20030912 and see if it works? 2) Try some sort of flag to get more info? 3) Anything else? The kernel is Red Hat's patched 2.4.20-24.7 Thanks (and thankyou all for your work). -- Stephen John Smoogen smoogen@xxxxxxxx Los Alamos National Lab CCN-5 Sched 5/40 PH: 4-0645 Ta-03 SM-1498 MailStop B255 DP 10S Los Alamos, NM 87545 -- So shines a good deed in a weary world. = Willy Wonka --
