Hi,

the kernel version is linux-2.6.20. I've also tried 2.6.23 - and the same story.

thanks
m

2009/8/29 Eric Leblond <eleblond@xxxxxx>:
> Hi,
>
> Could you please specify your kernel version ?
>
> BR,
>
> On Thursday 27 August 2009 at 13:13 +0200, Michał Sewera wrote:
>> Hi,
>>
>> I have a strange problem with nf_conntrack:
>>
>> If I try to generate a small amount of TCP sessions (i.e. 10
>> sessions), then after closing these sessions (on the client side, by
>> closing the application) the output from:
>> wc /proc/net/ip_conntrack
>> and
>> cat /proc/sys/net/nf_conntrack_count
>>
>> is the same -> so I can see the same amount of sessions tracked by nf_conntrack.
>>
>>
>> But during testing the system with i.e. 100 new TCP sessions/sec
>> (terminated to the same server), after closing the sessions the output
>> from wc /proc/net/ip_conntrack is correct (near 0), but all these
>> sessions seem to be staying in cat /proc/sys/net/nf_conntrack_count.
>>
>> After exceeding the condition nf_conntrack_count < nf_conntrack_max,
>> of course I am getting "table full, dropping packet" info in the log.
>>
>> Some workaround is to set the max value to a very huge number, i.e.
>> 1000000000, but after some time eventually I will get the same
>> problem and a reboot will be required.
>>
>> So, if any of the experts here knows anything about the cause of
>> this problem I will be very grateful,
>>
>> thanks for any support
>>
>> m
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
> --
> Eric Leblond <eleblond@xxxxxx>
> INL: http://www.inl.fr/
> NuFW: http://www.nufw.org/
> EdenWall: http://www.edenwall.com/
>
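
The comparison described in the report above (entries listed in the table file versus the value of nf_conntrack_count, checked against nf_conntrack_max), as an added example that is not part of the original thread: a shell function that reads the three values and reports how far the counter has drifted from the listed entries. The function name `conntrack_drift`, the default drift limit of 50 and the 90% fill threshold are assumptions; the file paths are passed as arguments because they differ between kernel versions.

```shell
#!/bin/sh
# Added example, not from the thread. conntrack_drift is a hypothetical helper.
# Usage: conntrack_drift TABLE_FILE COUNT_FILE MAX_FILE [DRIFT_LIMIT]
#   TABLE_FILE  one line per tracked connection (the file the report runs wc on)
#   COUNT_FILE  file holding the nf_conntrack_count value
#   MAX_FILE    file holding the nf_conntrack_max value
# Prints "entries=N count=N max=N drift=N status=S" and returns
#   0 ok, 1 counter drifted above listed entries, 2 nearly full, 3 bad input.
conntrack_drift() {
    table=$1; count_file=$2; max_file=$3; limit=${4:-50}

    for f in "$table" "$count_file" "$max_file"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 3; }
    done

    entries=$(wc -l < "$table" | tr -d ' ')
    count=$(tr -d ' \n' < "$count_file")
    max=$(tr -d ' \n' < "$max_file")

    # Reject anything that is not a plain non-negative integer.
    for v in "$count" "$max"; do
        case $v in
            ''|*[!0-9]*) echo "non-numeric counter value" >&2; return 3 ;;
        esac
    done

    # On a live system the two reads are not atomic, so a small drift is
    # normal; the limit (assumed default: 50) absorbs that.
    drift=$((count - entries))
    status=ok; rc=0

    # Counter well above the listed entries: the symptom in the report.
    if [ "$drift" -gt "$limit" ]; then status=drift; rc=1; fi

    # Counter at 90% of the maximum or more (assumed threshold): the
    # "table full, dropping packet" condition is close.
    if [ $((count * 10)) -ge $((max * 9)) ]; then status=near-full; rc=2; fi

    echo "entries=$entries count=$count max=$max drift=$drift status=$status"
    return $rc
}
```

Run from cron or a monitoring agent, a non-zero return gives an alert before packets are dropped, and the logged drift values show whether the counter keeps growing while the table stays small.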