Description of problem: If the hash chain is too long, reading from /proc/net/ip_conntrack doesn't doesn't output useful data, but instead outputs "No space left on device" Version-Release number of selected component (if applicable): kernel-2.6.9-78.0.13.ELsmp How reproducible: Always Steps to Reproduce: 1. iptables rules to track the connection 2. incoming load 3. cat or wc on /proc/net/ip_conntrack Actual results: cat or wc results in End of space message Expected results: Read to /proc/net/ip_conntrack should not fail or throw the error message Additional info:
It looks like this is the piece of code that is responsible for this message static int ct_seq_show(struct seq_file *s, void *v) { struct list_head *list = v; int ret = 0; /* FIXME: Simply truncates if hash chain too long. */ READ_LOCK(&ip_conntrack_lock); if (LIST_FIND(list, ct_seq_real_show, struct ip_conntrack_tuple_hash *, s)) ret = -ENOSPC; READ_UNLOCK(&ip_conntrack_lock); return ret; } Upstream patch seems to be missing in RHEL 4 [NETFILTER]: Fix /proc/net/ip_conntrack seq_file operations http://www.mail-archive.com/bk-commits-head@vger.kernel.org/msg03409.html
Created attachment 362875 [details] posted patch
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Committed in 89.43.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-0263.html