Re: Conntrack full, but not really


 



Ray Leach wrote:

On Thu, 2004-03-25 at 00:57, Stephen Smoogen wrote:


On Wed, 2004-03-24 at 14:13, Pierre Ossman wrote:


Hi!

I'm having the standard problem of the connection tracker running out of space, but this time with a twist. If I check how many connections it is currently tracking it is nowhere near the upper limit. I've searched through the archives and haven't found anything like this.

The machine is a P-2 333 MHz with 96 MB of RAM doing nothing but routing. It's running Red Hat 9 with kernel 2.4.20-28.9 (although the problem exists with other Red Hat kernels). The problem appears after about a month of uptime. After that the machine needs to be rebooted to recover (flushing out the connection tracker might work as well but that doesn't really make the problem less severe).



The problem is with a conntrack patch that Red Hat is including from an
old Alan Cox tree. It seems to leak memory somewhere so that if you look
in /proc/net/ip_conntrack it is 'empty' but if you look at
/proc/slabinfo it is full.


The problem can show up pretty quickly if the ip_conntrack_ftp is loaded
on a heavy server. My fix has been to get a 2.4.25 kernel and compile it
as an RPM and use it.


Beyond that, maybe RH will offer a fixed kernel for RHL-9, but I am
doubting it.



Yeah, and if they don't just switch to SuSE ;-)




Fedora :)
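
The comparison described in the thread above (entries listed in /proc/net/ip_conntrack versus objects still held in /proc/slabinfo), as an added example that is not part of the original messages. The slab cache name `ip_conntrack`, the slack threshold of 64, the function names and the sample files are assumptions constructed for illustration.

```shell
# Added example: compare what the connection tracker lists with what the
# slab allocator still holds for it. Sample data below is constructed.

# Entries visible in the conntrack table (one entry per line).
visible_entries() { awk 'END { print NR }' "$1"; }

# active_objs (2nd column) of a slab cache; prints 0 if the cache is absent.
slab_active() {
    awk -v cache="$2" '$1 == cache { n = $2 } END { print n + 0 }' "$1"
}

# Args: conntrack file, slabinfo file, cache name, allowed slack.
# Cache name "ip_conntrack" and slack 64 are assumptions, not from the thread.
check_conntrack_leak() {
    visible=$(visible_entries "$1")
    held=$(slab_active "$2" "${3:-ip_conntrack}")
    gap=$((held - visible))
    if [ "$gap" -gt "${4:-64}" ]; then verdict=LEAK; else verdict=OK; fi
    echo "$verdict visible=$visible slab_active=$held gap=$gap"
}

# Constructed sample files: two tracked flows, leaky and healthy slab views.
write_samples() {
    cat > "$1/ip_conntrack" <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=192.0.2.5 sport=1025 dport=80 src=192.0.2.5 dst=192.168.1.10 sport=80 dport=1025 [ASSURED] use=1
udp      17 25 src=192.168.1.11 dst=192.0.2.53 sport=1030 dport=53 src=192.0.2.53 dst=192.168.1.11 sport=53 dport=1030 use=1
EOF
    cat > "$1/slabinfo.leaky" <<'EOF'
slabinfo - version: 1.1
ip_conntrack        6144   6160    384  616  616    1
EOF
    cat > "$1/slabinfo.healthy" <<'EOF'
slabinfo - version: 1.1
ip_conntrack           2     10    384    1    1    1
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_conntrack_leak "$tmp/ip_conntrack" "$tmp/slabinfo.leaky"
check_conntrack_leak "$tmp/ip_conntrack" "$tmp/slabinfo.healthy"
rm -rf "$tmp"
# On a live router: check_conntrack_leak /proc/net/ip_conntrack /proc/slabinfo
```

A gap that keeps growing across repeated samples while the visible count stays low matches the symptom described in the thread.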

