Re: [iptables] Implement huge amount of iptables make system crash

On Sun, Dec 04, 2011 at 10:09:07PM +0100, Jan Engelhardt wrote:
> >2) These ~62k rules are not really significant for the load of my
> >firewall. But unfortunately, I had sometimes in my tests to manage some big 
> >failures, where an iptables command (-Z, -A or -L) is stuck on the system 
> >and then one of my cores is used at 100% and the load increases, and generally 
> >I get this kernel alert :
> >http://pastebin.com/F1DL7ZZT
> 
> Keep in mind that the ruleset is replaced for each HW thread and thus 
> puts big requirements on memory available; as such though, I would have 
> expected an OOM message rather than a Unable To Handle Kernel Paging 
> Request.

I had the chance to see a 'top' running when crashing and the memory (I
got plenty =16GB) was only used about 1/4.
But the CPUs are used at full capacity! Do you know if it is a SW or HW
issue?

It could be a coincidence but my clock is running crazy. I have got some
huge offsets recently and I am trying to solve this other issue right
now. (AFAIK there is no reason it could be linked to the iptables kernel
paging request)

-- 
Leo Cavaille