
Re: DNS replies not RELATED/ESTABLISHED?



martin f krafft wrote:
> also sprach Blair L Strang <bls@totalinfosecurity.com> [2005.03.15.2256 +0100]:
>> Sorry I didn't understand from your original post that this was
>> only happening occasionally.  Duh!
>
> It does only happen occasionally...
>
>> Perhaps look into ip_conntrack_max?
>
> I don't have such a file. ip_conntrack_expect is the only other
> one...


It /is/ a bit of a long shot because you probably would have noticed messages
saying "ip_conntrack: maximum limit of <n> entries exceeded" from your kernel. But
worth a look anyway.

ip_conntrack_max is a sysctl which determines how many conntrack entries are kept.
See: /proc/sys/net/ipv4/ip_conntrack_max.

Comparing this with "wc -l /proc/net/ip_conntrack" will tell you how close to the
limit you are at a given point in time.  The numbers can change pretty dramatically
depending on use or abuse; a single nmap -sU -T Insane will chew through a lot of
conntracks (1600 or so at peak when I tried it).

Ta,

    Blair.

--
M-x yow!
Well, O.K.  I'll compromise with my principles because of EXISTENTIAL DESPAIR!
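The comparison Blair suggests (ip_conntrack_max against the line count of /proc/net/ip_conntrack, plus a look for the kernel's "maximum limit of <n> entries exceeded" message) scripted as a POSIX shell check. This is an added example, not code from the thread or from anyone in it. It assumes the 2.4/2.6-era paths named in the mail and, as a fallback, the newer nf_conntrack equivalents (/proc/sys/net/netfilter/nf_conntrack_max, /proc/net/nf_conntrack, and the "nf_conntrack: table full, dropping packet" message); the 80% warning threshold is an arbitrary choice.

```shell
#!/bin/sh
# Added example: how full is the netfilter connection-tracking table?
# Not code from the original thread. Paths for the newer nf_conntrack
# interface and the 80% threshold are assumptions, not from the mail.

# Print the first readable file among the arguments; fail if none is.
first_readable() {
    for f in "$@"; do
        [ -r "$f" ] && { printf '%s\n' "$f"; return 0; }
    done
    return 1
}

# Conntrack limit: the sysctl the mail names, then its nf_conntrack successor.
conntrack_max() {
    f=$(first_readable /proc/sys/net/ipv4/ip_conntrack_max \
                       /proc/sys/net/netfilter/nf_conntrack_max) || return 1
    cat "$f"
}

# Live entries: one line per tracked flow, so "wc -l" is the count.
conntrack_count() {
    f=$(first_readable /proc/net/ip_conntrack /proc/net/nf_conntrack) || return 1
    wc -l < "$f" | tr -d ' '
}

# usage_pct MAX COUNT -> integer percentage of the table in use
# (0 when MAX is missing, zero or not a number, so callers never divide by 0).
usage_pct() {
    max=$1; count=$2
    [ "${max:-0}" -gt 0 ] 2>/dev/null || { echo 0; return 0; }
    echo $(( count * 100 / max ))
}

# check_conntrack MAX COUNT [THRESHOLD] -> 0 below threshold, 1 at or above it.
# The message text mirrors what the kernel does once the table is full:
# new flows are dropped, which is what intermittent lost replies look like.
check_conntrack() {
    pct=$(usage_pct "$1" "$2")
    if [ "$pct" -ge "${3:-80}" ]; then
        echo "WARNING: conntrack table ${pct}% full ($2/$1); new flows will be dropped"
        return 1
    fi
    echo "conntrack table ${pct}% full ($2/$1)"
    return 0
}

# kernel_table_full_msgs LOGFILE -> number of lines in LOGFILE that are the
# old ip_conntrack limit message or the newer nf_conntrack table-full message.
# Prints 0 when the file is missing or has no matches.
kernel_table_full_msgs() {
    n=$(grep -c -E \
        'ip_conntrack: maximum limit of [0-9]+ entries exceeded|nf_conntrack: table full, dropping packet' \
        "$1" 2>/dev/null) || true
    echo "${n:-0}"
}

# Stand-alone use: compare the live table against its limit, then look in the
# kernel log (path assumed) for evidence the limit was hit earlier.
if max=$(conntrack_max) && count=$(conntrack_count); then
    check_conntrack "$max" "$count" 80
    echo "table-full messages in /var/log/kern.log: $(kernel_table_full_msgs /var/log/kern.log)"
else
    echo "no conntrack table exposed under /proc on this host (module not loaded?)"
fi
```

Run it a few times while the problem is occurring rather than once: as Blair notes the count swings widely with load, so a single reading well under the limit does not rule the limit out. The log check covers the case where the table was briefly full some time ago and has since drained.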


