On 3/7/2013 9:16 AM, Jan Engelhardt wrote:
> On Thursday 2013-03-07 18:07, Daniel L. Miller wrote:
>> On 3/7/2013 8:29 AM, Jan Engelhardt wrote:
>>> On Thursday 2013-03-07 17:13, Daniel L. Miller wrote:
>>>> I've noticed that my connection tracking counters keep increasing -
>>> Which counters?
>> /proc/sys/net/netfilter/nf_conntrack_count
>>>> and when it reaches /proc/sys/net/netfilter/nf_conntrack_max things break.
> Could it be you are being DDoSed?
Anything's possible - but I don't have a high-visibility site. The
connection counter increments gradually - a new connection every couple
of seconds or so.
Trying to understand what's going on, I installed the "conntrack" tool.
conntrack -S yields:
entries 28752
searched 27822
found 11950927
new 457431
invalid 333
ignore 347677
delete 465404
delete_list 428962
insert 414575
insert_failed 0
drop 0
early_drop 0
icmp_error 0
expect_new 0
expect_create 0
expect_delete 0
search_restart 0
But more confusing is that conntrack -L only shows 52 entries.
--
Daniel
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html