nf_conntrack -> table full, dropping packet; problem with counting sessions

Hi,

I have a strange problem with nf_conntrack:

If I generate a small number of TCP sessions (e.g. 10
sessions), then after closing these sessions (on the client side, by
closing the application) the output from:
wc /proc/net/ip_conntrack
and
cat /proc/sys/net/nf_conntrack_count

is the same -> so I can see the same number of sessions tracked by nf_conntrack.


But when testing the system with e.g. 100 new TCP sessions/sec
(terminated to the same server), after closing the sessions the output
from wc /proc/net/ip_conntrack is correct (near 0), but all these
sessions seem to stay in cat /proc/sys/net/nf_conntrack_count.

After exceeding the condition nf_conntrack_count < nf_conntrack_max,
I am of course getting the "table full, dropping packet" message in the log.

One workaround is to set the max value to a very large number, e.g.
1000000000, but after some time I will eventually get the same
problem and a reboot will be required.

So, if any of the experts here knows anything about the cause of
this problem I will be very grateful,

thanks for any support

m
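
The comparison described in the message above, written as a repeatable check. This is an added example, not part of the original post: the function names, the drift and usage thresholds, and the idea of passing the three files as arguments are assumptions, so it can be run against saved copies as well as the live /proc files.

```shell
#!/bin/sh
# Added example: compare the conntrack counter with the entries actually
# listed in the table, to spot the drift described in the message.
# All paths are arguments; none are hard-coded.

# Print "entries count max drift pct_used" for the three files given.
conntrack_sample() {
    table=$1 count_file=$2 max_file=$3
    entries=$(($(wc -l < "$table")))     # one line per listed connection
    count=$(cat "$count_file")
    max=$(cat "$max_file")
    [ "$max" -gt 0 ] || return 1         # avoid dividing by zero
    drift=$((count - entries))           # counted but not listed
    pct=$((count * 100 / max))           # how close the counter is to max
    echo "$entries $count $max $drift $pct"
}

# Classify one sample.
#   $4 = drift limit (default 50, assumed), $5 = usage limit in % (default 80, assumed)
# LEAK:     counter exceeds listed entries by more than the drift limit
# NEARFULL: counter has reached the usage limit ("table full" is close)
conntrack_verdict() {
    drift_limit=${4:-50} pct_limit=${5:-80}
    sample=$(conntrack_sample "$1" "$2" "$3") || return 2
    set -- $sample                       # $1=entries $2=count $3=max $4=drift $5=pct
    if [ "$4" -gt "$drift_limit" ]; then
        echo "LEAK drift=$4 count=$2 entries=$1"
    elif [ "$5" -ge "$pct_limit" ]; then
        echo "NEARFULL used=$5% count=$2 max=$3"
    else
        echo "OK drift=$4 used=$5%"
    fi
}

# Live use with the files named in the message (the location of the max file
# next to the count file is an assumption):
#   conntrack_verdict /proc/net/ip_conntrack \
#       /proc/sys/net/nf_conntrack_count /proc/sys/net/nf_conntrack_max
```

Running the check at intervals while the load test is active and again after the clients have closed shows whether the drift keeps growing or settles once the conntrack timeouts expire.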