Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 167398 - connections don't expire when ipvs receives lots of incoming ICMPs
connections don't expire when ipvs receives lots of incoming ICMPs
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Burke
Brian Brock
: 176939 220149 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2005-09-02 07:17 EDT by Justin Albstmeijer
Modified: 2007-11-30 17:07 EST (History)
6 users (show)

See Also:
Fixed In Version: RHBA-2007-0304
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-05-01 19:21:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2007:0304 normal SHIPPED_LIVE Updated kernel packages available for Red Hat Enterprise Linux 4 Update 5 2007-04-28 14:58:50 EDT

  None (edit)
Description Justin Albstmeijer 2005-09-02 07:17:43 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
Using ipvs to loadbalance caching dns servers results in memory usage problems on the directors.
Because ipvs connections are not expired the ip_vs_conn slab keeps growing and growing untill the box runs out of memory.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. configure an ipvs director to loadbalance a couple of cachingnameservers
2. have loads of clients use this loadbalanced environment
3. watch the memory usage and open udp connections grow till the machine OOM's

Actual Results:  machine OOM's

Expected Results:  machine should clean up old connections

Additional info:

The following patch, fixes the problem.
This fix has been included to 2.6.12-rc5.


Julian Anastasov <ja@ssi.bg>:
    [IP_VS]: Remove extra __ip_vs_conn_put() for incoming ICMP.

    Remove extra __ip_vs_conn_put for incoming ICMP in direct routing
    mode. Mark de Vries reports that IPVS connections are not leaked anymore.

    Signed-off-by: Julian Anastasov <ja@ssi.bg>
    Signed-off-by: David S. Miller <davem@davemloft.net>

diff -ur v2.6.12-rc4/linux/net/ipv4/ipvs/ip_vs_xmit.c linux/net/ipv4/ipvs/ip_vs_xmit.c
--- v2.6.12-rc4/linux/net/ipv4/ipvs/ip_vs_xmit.c	2004-08-31 08:09:31.000000000 +0300
+++ linux/net/ipv4/ipvs/ip_vs_xmit.c	2005-05-09 00:31:47.810807232 +0300
@@ -520,7 +520,6 @@
 			rc = NF_ACCEPT;
 		/* do not touch skb anymore */
-		__ip_vs_conn_put(cp);
 		goto out;
Comment 2 Lon Hohberger 2007-02-01 10:06:25 EST
*** Bug 220149 has been marked as a duplicate of this bug. ***
Comment 3 Lon Hohberger 2007-02-01 10:14:38 EST
There's a bigger patch attached to #220149, but I don't know the implications of
the other parts of the patch.  Link:

Comment 4 Lon Hohberger 2007-02-01 10:21:43 EST
Additional information provided by reporter of #220149:

Comment 7 Lon Hohberger 2007-02-01 13:07:17 EST
*** Bug 176939 has been marked as a duplicate of this bug. ***
Comment 8 Neil Horman 2007-02-01 14:26:39 EST
I think we can ignore the extra portions of the larger patch.  The patch
targeted specifically to this problem is identical to this upstream commit:
Jeff I say you go ahead and post a backport of that commit.  Its been tested by
the reporter and its been upstream for some time.  lets not go fixing more than
the probelm described by the bug.
Comment 10 RHEL Product and Program Management 2007-02-02 00:04:14 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
Comment 12 Jeff Burke 2007-02-03 08:20:43 EST
Patch posted to internal mailing list for review, Awaiting kernel developer ACKs.
Comment 15 Jason Baron 2007-02-13 10:20:32 EST
committed in stream U5 build 47. A test kernel with this patch is available from
Comment 16 Jay Turner 2007-02-13 10:59:05 EST
QE ack for RHEL4.5.
Comment 19 Red Hat Bugzilla 2007-05-01 19:21:01 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.