Possible bug in ip_conntrack on ip change

From: Mario TRENTINI (mario.trentini@polytechnique.org)
Date: Thu Apr 10 2003 - 15:18:16 EST


Dear list,

I've recently rebooted my Linux router due to a full ip_conntrack table
(/proc/net/ip_conntrack). The box is hooked up to the internet with
a dynamically assigned IP and runs a 2.4.20 kernel.
Upon investigation after the reboot, it appears that the table contains
stale entries of connections made with previous ip addresses that slowly
fill it up.

More precisely you can find the state of my router after 6 days of
uptime. Attached are the ip_conntrack table and the list of ip
addresses that have been assigned to me.

You can see there that out of about 1000 entries, only 50 are relevant,
the other entries figuring connections made with my previous ip
addresses, some of them 6 days old.

I can only guess that once the ip of ppp0 has changed, the kernel does
not touch those connections although they are still present.

The problem is triggered by the use of mldonkey, a peer to peer client
that uses up to 900 simultaneous tcp connections. The problem does not
show up on another router of mine that never has more than 50
connections at the same time.

Precision on connection : adsl speed touch usb with userland driver.

kernel version 2.4.20, kernel configuration attached
ip_conntrack compiled into the kernel

PS : the bug has possibly been encountered by others as seen on the
netfilter mailing list but I think that increasing ip_conntrack_max is
definitely *not* the right fix :-)

Please CC me any reply for I'm not subscribed to the list.
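
[Added example, not part of the original message or its attachments: one way to measure the condition reported above, by splitting /proc/net/ip_conntrack entries into those that involve the router's current public address and those left over from earlier addresses. The sample lines, the addresses and the function names are constructed, and the check assumes the router NATs a private LAN, so every live external entry carries the current address in one of its two tuples.]

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the 2.4-era /proc/net/ip_conntrack layout (documentation addresses).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=4662 dport=4662 src=198.51.100.7 dst=203.0.113.50 sport=4662 dport=4662 [ASSURED] use=1
tcp      6 401203 ESTABLISHED src=192.168.1.10 dst=198.51.100.8 sport=3321 dport=4662 src=198.51.100.8 dst=203.0.113.21 sport=4662 dport=3321 [ASSURED] use=1
tcp      6 95 SYN_SENT src=192.168.1.10 dst=198.51.100.9 sport=3400 dport=4662 [UNREPLIED] src=198.51.100.9 dst=203.0.113.50 sport=4662 dport=3400 use=1
udp      17 12 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=1030 src=192.168.1.10 dst=192.168.1.1 sport=1030 dport=53 use=1
tcp      6 388000 ESTABLISHED src=198.51.100.20 dst=203.0.113.21 sport=2000 dport=4662 src=192.168.1.10 dst=198.51.100.20 sport=4662 dport=2000 [ASSURED] use=1
"""

ADDR = re.compile(r"\b(?:src|dst)=(\d+\.\d+\.\d+\.\d+)")


def parse(line):
    """Return (proto, seconds_left, [orig_src, orig_dst, reply_src, reply_dst])."""
    fields = line.split()
    addrs = [ipaddress.ip_address(a) for a in ADDR.findall(line)]
    if len(fields) < 3 or len(addrs) != 4:
        raise ValueError("unrecognised conntrack line: %r" % line)
    return fields[0], int(fields[2]), addrs


def classify(addrs, current_ip, lan):
    """'local' if every address is on the LAN, 'current' if the current
    public address appears in either tuple, otherwise 'stale'."""
    if all(a in lan for a in addrs):
        return "local"
    return "current" if current_ip in addrs else "stale"


def summarize(text, current_ip, lan):
    """Count entries per class and report the longest timeout left on a stale one."""
    current_ip = ipaddress.ip_address(current_ip)
    lan = ipaddress.ip_network(lan)
    counts, longest_stale = Counter(), 0
    for line in filter(str.strip, text.splitlines()):
        _, seconds_left, addrs = parse(line)
        kind = classify(addrs, current_ip, lan)
        counts[kind] += 1
        if kind == "stale":
            longest_stale = max(longest_stale, seconds_left)
    return counts, longest_stale


if __name__ == "__main__":
    # On a router, read /proc/net/ip_conntrack instead of SAMPLE.
    print(summarize(SAMPLE, "203.0.113.50", "192.168.1.0/24"))
```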
