[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


martin f krafft wrote:
also sprach Blair L Strang <bls@totalinfosecurity.com> [2005.03.15.2256 +0100]:

Sorry I didn't understand from your original post that this was
only happening occasionally.  Duh!

It does only happen occassionally...

Perhaps look into ip_conntrack_max?

I don't have such a file. ip_conntrack_expect is the only other

It /is/ a bit of a long shot because you probably would have noticed messages
saying "ip_conntrack: maximum limit of <n> entries exceeded" from your kernel. But
worth a look anyway.

ip_conntrack_max is a sysctl which determines how many conntrack entries are kept.
See: /proc/sys/net/ipv4/ip_conntrack_max.

Comparing this with "wc -l /proc/net/ip_conntrack" will tell you how close to the
limit you are at a given point in time.  The numbers can change pretty dramatically
depending on use or abuse; a single nmap -sU -T Insane will chew through a lot of
conntracks (1600 or so at peak when I tried it).



M-x yow!
Well, O.K.  I'll compromise with my principles because of EXISTENTIAL DESPAIR!

Reply to: