On 6 November 2024 17:44:50 UTC, Matt Zagrabelny <mzagrabe@xxxxxxxxx> wrote:
>I've waited a week to let the TCP streams in the conntrack table time
>out. I'm still seeing the kernel drop packets:
># cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count
>65536
># conntrack -L > /dev/null
>conntrack v1.2.1 (conntrack-tools): 22 flow entries have been shown.

Your system seems to be broken, you can have zombie connections or you have met the same (old) bug. Try to reboot it, with a little luck it will solve that (I roughly remember some problems, in old kernels, after conntrack became full, but I am not sure), otherwise you can start to track it from zero and try to find the source. Perhaps unloading/loading the conntrack module will help too...

BTW, you can show the conntrack count by:

    conntrack -C

You can test which number it displays, mine matches...

regards

-- 
Slavko
https://www.slavino.sk/