Bug 524884 - reading from /proc/net/ip_conntrack returns ENOSPC
Summary: reading from /proc/net/ip_conntrack returns ENOSPC
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.9
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Danny Feng
QA Contact: Dayong Tian
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-22 15:23 UTC by Marc Milgram
Modified: 2018-11-14 17:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-02-16 15:57:52 UTC


Attachments (Terms of Use)
posted patch (4.80 KB, patch)
2009-09-28 09:54 UTC, Danny Feng
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0263 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 4.9 kernel security and bug fix update 2011-02-16 15:14:55 UTC

Description Marc Milgram 2009-09-22 15:23:11 UTC
Description of problem:
If the hash chain is too long, reading from /proc/net/ip_conntrack doesn't doesn't output useful data, but instead outputs "No space left on device"

Version-Release number of selected component (if applicable):
kernel-2.6.9-78.0.13.ELsmp

How reproducible:
Always

Steps to Reproduce:
1. iptables rules to track the connection
2. incoming load
3. cat or wc on /proc/net/ip_conntrack
  
Actual results:
cat or wc results in End of space message

Expected results:
Read to /proc/net/ip_conntrack should not fail or throw the error message

Additional info:

Comment 1 Marc Milgram 2009-09-22 15:24:16 UTC
It looks like this is the piece of code that is responsible for this message

static int ct_seq_show(struct seq_file *s, void *v)
{
       struct list_head *list = v;
       int ret = 0;

       /* FIXME: Simply truncates if hash chain too long. */
       READ_LOCK(&ip_conntrack_lock);
       if (LIST_FIND(list, ct_seq_real_show,
                     struct ip_conntrack_tuple_hash *, s))
               ret = -ENOSPC;
       READ_UNLOCK(&ip_conntrack_lock);
       return ret;
}

Upstream patch seems to be missing in RHEL 4

[NETFILTER]: Fix /proc/net/ip_conntrack seq_file operations

http://www.mail-archive.com/bk-commits-head@vger.kernel.org/msg03409.html

Comment 3 Danny Feng 2009-09-28 09:54:01 UTC
Created attachment 362875 [details]
posted patch

Comment 4 RHEL Product and Program Management 2010-10-12 17:52:00 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 5 Vivek Goyal 2010-10-14 14:40:58 UTC
Committed in 89.43.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/

Comment 16 errata-xmlrpc 2011-02-16 15:57:52 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0263.html


Note You need to log in before you can comment on or make changes to this bug.