Le Sun, Dec 04, 2011 at 10:09:07PM +0100, Jan Engelhardt a écrit : > >2) These ~62k rules are not really significant for the load of my > >firewall. But unfortunately, I had sometimes in my tests to manage some big > >failures, where an iptables command (-Z, -A or -L) is stuck on the system > >and then one of my cores is used at 100% and the load increases, and generally > >I get this kernel alert : > >http://pastebin.com/F1DL7ZZT > > Keep in mind that the ruleset is replaced for each HW thread and thus > puts big requirements on memory available; as such though, I would have > expected an OOM message rather than a Unable To Handle Kernel Paging > Request. I had the chance to see a 'top' running when crashing and the memory (I got plenty =16GB) was only used about 1/4. But the CPUs are used at full capacity ! Do you know if it is SW or HW issue ? It could be a coincidence but my clock is running crazy. I have got some huge offsets recently and I am trying to solve this other issue right now. (AFAIK there is no reason it could be link to the iptables kernel paging request) -- Leo Cavaille -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
