W dniu 2012-01-20 18:05, Jan Engelhardt napisał(a):
geoip uses vmalloc for its huge allocations, so that can't be it. The
massive size of skbuff_head_cache would point towards there being a
lot
of dead skbs being held, which - in my nose - would smell of tarpit.
Did
you properly feed all packets that you tarpited also to -j CT
--notrack?
Surely i didn't use notrack;) I has problem how to use it, i'd like to
tarpit packets
at the end of INPUT at filter table, notrack i can use only in raw
table.
Have you got idea about kmallo-512 and kmalloc-2048? I'll try every
single module and watch
kmalloc usage. It will take a couple of days for each one. Maybe i'll
isolate which module
uses kmallocs. I suspect xtables because without them i didn't notice
such situation.
I'd like to ask is such usage of memory ok? Which module could take
so
much precious ram?:) (I suspect geoip). How much memory geoip can use
in
worse case (db with ipv4 and ipv6)?
The on-disk files for geoip are loaded verbatim into the kernel, so
that
would be only ~6 MB at worst for geoip, not 40+.
Thank you for all information.
Marcin
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
