lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 1 Apr 2014 16:41:53 -0400 (EDT)
From:	Pietro Paolini <pulsarpietro@....com>
To:	linux-kernel@...r.kernel.org
Subject: nf_conntrack: table full

Hello,
I am doing some investigation regarding an error I am experiencing 
using my linux embedded device as router in my home network.

If I try to push the number the connections to around 20K I will se a 
lot of messages from the kernel saying :

nf_conntrack: table full, dropping packet.                              

nf_conntrack: table full, dropping packet.                              

nf_conntrack: table full, dropping packet.                              

nf_conntrack: table full, dropping packet.                              

nf_conntrack: table full, dropping packet.                              

nf_conntrack: table full, dropping packet.                              

nf_conntrack: table full, dropping packet.

Actually this is fine for me since the number of allowed conntrack is 
/proc/sys/net/netfilter/nf_conntrack_max  is around 7844, the
strange thing is that the device will reboot after a while - actually 
my watchdog reboots the device since is not able to allocate memory -
I have a try with slabtop running and I have seen that  but monitoring 
the /proc/slabinfo:
3968 nf_conntrack_c0d4eacc
4392 size-8192
6360 skbuff_head_cache
15356 size-4096
31808 size-1024

Well size-1024 is quite high, do you know where is that from and how is 
that related to the packets coming in ? Even point me at the right
folder in the source code could be great since I am really lost here.

Thanks in advance,
Pietro.

"And therefore never send to know for whom the bell tolls"
pulsarpietro@....com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists