Re: Linux - nf_conntrack_count = 30684?

On Fri, Sep 9, 2016 at 3:29 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Fri, Sep 09, 2016 at 10:29:33AM +0200, Jens Koehler wrote:
>> A Linux application cyclically reads data from up to 32 servers by
>> TCP. After disconnecting many/all servers, another Linux
>> application could not send data via the network interface by UDP.
>> nf_conntrack_count shows an unexpectedly high value:
>>
>> net.netfilter.nf_conntrack_count = 30684
>>
>> What does the number mean exactly?
>
> This is the number of conntrack entries in the table.
>
>> And what could be the reason for so many open connections if no server
>> is connected?
>
> Do `conntrack -L' or `cat /proc/net/nf_conntrack' show entries?

Yes, 'cat /proc/net/nf_conntrack' shows a huge number of the following entries:
ipv4     2 tcp      6 109 SYN_SENT src=192.168.171.100 dst=192.168.171.160 sport=37660 dport=502 [UNREPLIED] src=192.168.171.160 dst=192.168.171.100 sport=502 dport=37660 mark=0 use=2
ipv4     2 tcp      6 95 SYN_SENT src=192.168.171.100 dst=192.168.171.168 sport=6341 dport=502 [UNREPLIED] src=192.168.171.168 dst=192.168.171.100 sport=502 dport=6341 mark=0 use=2
ipv4     2 tcp      6 105 SYN_SENT src=192.168.171.100 dst=192.168.171.112 sport=50811 dport=502 [UNREPLIED] src=192.168.171.112 dst=192.168.171.100 sport=502 dport=50811 mark=0 use=2
ipv4     2 tcp      6 109 SYN_SENT src=192.168.171.100 dst=192.168.171.111 sport=25782 dport=502 [UNREPLIED] src=192.168.171.111 dst=192.168.171.100 sport=502 dport=25782 mark=0 use=2
ipv4     2 tcp      6 103 SYN_SENT src=192.168.171.100 dst=192.168.171.155 sport=14076 dport=502 [UNREPLIED] src=192.168.171.155 dst=192.168.171.100 sport=502 dport=14076 mark=0 use=2
ipv4     2 tcp      6 95 SYN_SENT src=192.168.171.100 dst=192.168.171.160 sport=34017 dport=502 [UNREPLIED] src=192.168.171.160 dst=192.168.171.100 sport=502 dport=34017 mark=0 use=2
ipv4     2 tcp      6 100 SYN_SENT src=192.168.171.100 dst=192.168.171.105 sport=43547 dport=502 [UNREPLIED] src=192.168.171.105 dst=192.168.171.100 sport=502 dport=43547 mark=0 use=2
ipv4     2 tcp      6 96 SYN_SENT src=192.168.171.100 dst=192.168.171.162 sport=22357 dport=502 [UNREPLIED] src=192.168.171.162 dst=192.168.171.100 sport=502 dport=22357 mark=0 use=2
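A listing like the one in this thread can be broken down per state and per unanswered destination with a short script. This is an added example, not part of the original messages: the sample entries are constructed (documentation addresses) and the function names are hypothetical. SYN_SENT with [UNREPLIED] means conntrack saw the outgoing SYN but no reply packet.

```python
from collections import Counter

# Constructed sample in /proc/net/nf_conntrack format (documentation addresses).
SAMPLE = """\
ipv4 2 tcp 6 109 SYN_SENT src=192.0.2.100 dst=192.0.2.160 sport=37660 dport=502 [UNREPLIED] src=192.0.2.160 dst=192.0.2.100 sport=502 dport=37660 mark=0 use=2
ipv4 2 tcp 6 95 SYN_SENT src=192.0.2.100 dst=192.0.2.160 sport=34017 dport=502 [UNREPLIED] src=192.0.2.160 dst=192.0.2.100 sport=502 dport=34017 mark=0 use=2
ipv4 2 tcp 6 105 SYN_SENT src=192.0.2.100 dst=192.0.2.112 sport=50811 dport=502 [UNREPLIED] src=192.0.2.112 dst=192.0.2.100 sport=502 dport=50811 mark=0 use=2
ipv4 2 tcp 6 431999 ESTABLISHED src=192.0.2.100 dst=192.0.2.7 sport=40022 dport=22 src=192.0.2.7 dst=192.0.2.100 sport=22 dport=40022 [ASSURED] mark=0 use=2
ipv4 2 udp 17 25 src=192.0.2.100 dst=192.0.2.53 sport=5353 dport=53 [UNREPLIED] src=192.0.2.53 dst=192.0.2.100 sport=53 dport=5353 mark=0 use=2
"""

def parse_entry(line):
    """Parse one conntrack line; returns None for blank or short lines."""
    tok = line.split()
    if len(tok) < 6:
        return None
    entry = {"proto": tok[2], "timeout": int(tok[4]), "state": None, "flags": set()}
    rest = tok[5:]
    # TCP entries carry a state name here; UDP entries go straight to src=.
    if "=" not in rest[0] and not rest[0].startswith("["):
        entry["state"] = rest.pop(0)
    for t in rest:
        if t.startswith("["):
            entry["flags"].add(t.strip("[]"))
        elif "=" in t:
            key, value = t.split("=", 1)
            entry.setdefault(key, value)  # keep the original-direction tuple
    return entry

def summarize(text):
    """Count entries per (proto, state) and unanswered SYNs per target."""
    by_state, half_open = Counter(), Counter()
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        by_state[(e["proto"], e["state"])] += 1
        if e["state"] == "SYN_SENT" and "UNREPLIED" in e["flags"]:
            half_open[(e["dst"], e["dport"])] += 1
    return by_state, half_open

if __name__ == "__main__":
    # On a live system, pass open("/proc/net/nf_conntrack").read() instead.
    by_state, half_open = summarize(SAMPLE)
    for key, n in by_state.most_common():
        print(n, *key)
    for (dst, dport), n in half_open.most_common():
        print(f"{n} unanswered SYNs to {dst}:{dport}")
```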


