Bug 109903 - ip_conntrack problem (packets dropped)
ip_conntrack problem (packets dropped)
Product: Red Hat Linux
Classification: Retired
Component: kernel (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Arjan van de Ven
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2003-11-12 15:04 EST by Fabrice Bellet
Modified: 2007-04-18 12:59 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-09-30 11:41:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Fabrice Bellet 2003-11-12 15:04:44 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; Galeon)
Gecko/20031030 Galeon/1.3.10

Description of problem:
I have RH9 as a firewall behind my fr2.rpmfind.net mirror.
ip_conntrack_ftp is loaded. Since my upgrade to RH9, I see these
messages in my log :

NET: 45 messages suppressed.
ip_conntrack: table full, dropping packet.
NET: 47 messages suppressed.

And the network traffic slowly goes down to zero. The particulary of
this problem is that the number of tracked connections reported by wc
-l /proc/net/ip_conntrack is far below (~2500) the fixed limit in
/proc/sys/net/ip_v4/ip_conntrack_max (65536). Due to a previous
problem of the same kind, I added a MRTG graph showing the
ip_conntrack counts. As you can see on
http://bellet.info/~bellet/ip_conntrack.png, the problem occured
around 18:00 -> 20:00. The total number of tracked connections
continuously decreased during this period. As a workaround, I doubled
the value of ip_conntrack_max (128K), and it's now working again. So
it seems to me that expired tracked connections are someway not
completely freeed.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. just wait for a few days of network activity.

Additional info:
Comment 1 Bugzilla owner 2004-09-30 11:41:42 EDT
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/

Note You need to log in before you can comment on or make changes to this bug.