This issue seems known and solved. Following is a clear explanation I received elsewhere, included here with permission for completeness:

Sounds like you are experiencing the timer overflow bug in ipt_recent. On 32bit machines with HZ at 1000 (the default in 2.6), you'll hit the bug after ~25 days of uptime. This could explain why you're only seeing this on some of your machines.

There are a couple of workarounds available [1] [2], but the consensus from the Netfilter maintainers is that a full rewrite is needed.

[1] http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
[2] http://www.kd.cz/~martin/kernel-recent/

Apparently, patches exist and I have been told they have been rejected by the maintainer as ipt_recent "needs a complete rewrite".

Could someone clue me in on the outlook? Is a rewrite already in progress? Are there plans to remove the buggy module from the stable kernel tree?

Cheers,

--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

invalid/expired pgp (sub)keys? use subkeys.pgp.net as keyserver!
spamtraps: madduck.bogus@xxxxxxxxxxx

micro$oft windows psychic edition: we will tell you where you are going tomorrow.