Bug 144875
Summary: | ip_conntrack table full | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Stephen Collier <judithc> |
Component: | kernel | Assignee: | Dave Jones <davej> |
Status: | CLOSED ERRATA | Severity: | high |
Priority: | medium | Version: | 3 |
Hardware: | i686 | OS: | Linux |
CC: | jasone, pfrields, trevor, zing | Doc Type: | Bug Fix |
Last Closed: | 2005-01-31 18:13:44 UTC | | |
Description
Stephen Collier
2005-01-12 09:02:58 UTC
This is a kernel problem. Assigning to kernel.

I have confirmed this as a problem as well.

Does the Connection track/rst fix (Martin Josefsson) correct this problem in the kernel release kernel-2.6.10-1.741_FC3?

kernel-2.6.10-1.741_FC3 works for me.

    # cat /proc/net/ip_conntrack|wc -l
    1055

much better than the ~32000 I would get with -737

kernel-2.6.10-1.741_FC3 appears to still have the bug.

Yes, 741 still has the bug for sure. It bit me too just recently. Unreplied TCP connections will hang around for 5 days and quickly fill the 32k (depending on your RAM) table size. I was doing nmap scans of my own network and it would fill up the table in no time! This is a very bad bug that under many normal conditions will cause dropped connections to/from a system, resulting in intermittent and hard to diagnose networking issues.

I installed 741 last night, it seems to be OK, I am getting back to the 150 or so table, not the 32000. I will confirm next week when full load comes on the server on a weekday.

kernel-2.6.10-1.741_FC3 has been running fine all day today. It has resolved my ip_conntrack bug.

    # cat /proc/net/ip_conntrack|wc -l
    83

much better than 32000

This bug is NOT fixed as of 741! My test from Jan 27 still has the entries from that date. To easily fill up your table with entries that don't expire for way too long:

    nmap -S 192.168.100.1 -sP 192.168.100.2-254

(change 192.168.100 to your internal subnet/ip)

each run of that command adds a couple hundred entries to the table:

    cat /proc/net/ip_conntrack | wc

and they don't go away for at least days.

Tested and verified on: 2.6.10-1.741_FC3smp
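Added example (not part of the bug report or of any project's code): a shell function that goes one step beyond the `wc -l` counts quoted in the comments by reporting how many entries in a conntrack dump are `[UNREPLIED]` and still have a long timeout left, which is the symptom the commenters describe. The function names, the one-day default threshold and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a conntrack dump in the ip_conntrack /proc format.
# Assumed line layout:
#   <proto> <proto-num> <seconds-to-expiry> [<tcp-state>] src=... [UNREPLIED] ...

# conntrack_summary FILE [MAX_TTL]   (FILE "-" or omitted = stdin)
# Prints: total=<n> unreplied=<n> stale=<n> max_ttl=<longest seconds left>
# "stale" counts UNREPLIED entries with more than MAX_TTL seconds still to run.
conntrack_summary() {
    awk -v limit="${2:-86400}" '
        NF < 4 { next }                 # skip blank or truncated lines
        {
            total++
            ttl = $3 + 0                # third field: seconds until expiry
            if (ttl > max) max = ttl
            if (index($0, "[UNREPLIED]")) {
                unreplied++
                if (ttl > limit) stale++
            }
        }
        END {
            printf "total=%d unreplied=%d stale=%d max_ttl=%d\n",
                   total, unreplied, stale, max
        }
    ' "${1:--}"
}

# Constructed sample input (not taken from the bug report).
sample_table() {
    cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.168.100.10 dst=192.168.100.1 sport=33012 dport=22 src=192.168.100.1 dst=192.168.100.10 sport=22 dport=33012 [ASSURED] use=1
tcp      6 431712 ESTABLISHED src=192.168.100.1 dst=192.168.100.7 sport=49152 dport=80 [UNREPLIED] src=192.168.100.7 dst=192.168.100.1 sport=80 dport=49152 use=1
tcp      6 402345 ESTABLISHED src=192.168.100.1 dst=192.168.100.8 sport=49153 dport=80 [UNREPLIED] src=192.168.100.8 dst=192.168.100.1 sport=80 dport=49153 use=1
tcp      6 97 SYN_SENT src=192.168.100.10 dst=192.168.100.9 sport=33020 dport=25 [UNREPLIED] src=192.168.100.9 dst=192.168.100.10 sport=25 dport=33020 use=1
icmp     1 22 src=192.168.100.1 dst=192.168.100.7 type=8 code=0 id=4242 [UNREPLIED] src=192.168.100.7 dst=192.168.100.1 type=0 code=0 id=4242 use=1
udp      17 25 src=192.168.100.10 dst=192.168.100.1 sport=40000 dport=53 src=192.168.100.1 dst=192.168.100.10 sport=53 dport=40000 use=1
EOF
}

# Demo on the constructed sample; on a live host run instead:
#   conntrack_summary /proc/net/ip_conntrack
sample_table | conntrack_summary - 86400
```

A `stale` count that keeps growing between runs while `total` approaches the table limit matches the behaviour reported in the comments.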