Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 07-26-2017, 09:39 AM   #1
LQ Newbie
Registered: Jul 2017
Posts: 4

Rep: Reputation: Disabled
Dropped RX packets on heave TX load

I'm running Mint as a firewall (using Shorewall) to protect a school network from bad stuff kids might do on a Raspberry Pi network. The Pis are accessed headless from the school network using VNC or PuTTy on school PCs.

All was working fine, but I rebuilt the firewall with a more current Mint but all other software the same. Now, the NIC connected to the school network is reporting large numbers of dropped RX packets when the TX load is heavy, specifically when VNC on a Pi is continually updating a desktop containing a video window from a Pi camera. As a result the said NIC repeatedly goes DOWN for around 30 secs before briefly recovering.

If I put the old hard disk back with the old system build it works fine. Exact same hardware. This uses a kernel 4.4.0-34 whereas the new build uses 4.8.0-53. The net parameters reported by sysctl show substantial increases for many of them so it wouldn't appear to be a buffering issue.

So what can make a heavy TX load case dropped RX packets, and what can I do about it.

Regards - Philip
Old 07-26-2017, 12:12 PM   #2
LQ Guru
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 15,723

Rep: Reputation: 2223Reputation: 2223Reputation: 2223Reputation: 2223Reputation: 2223Reputation: 2223Reputation: 2223Reputation: 2223Reputation: 2223Reputation: 2223Reputation: 2223
Welcome to LQ.
It seems you broke the Golden Rule:"If it ain't broke, don't fix it!"
You can eliminate the hardware, and systematically go through the software. Add in the old kernel, and see does that sort it. Is it handling the camera the same, or is there more resolution or more traffic? Has the workload for the Pi increased? Is it firewall, server, or what? You know what you're looking at, but we haven't a clue. Why not revert to the old setup?
Old 07-26-2017, 03:38 PM   #3
Registered: Mar 2008
Posts: 21,818

Rep: Reputation: 3609Reputation: 3609Reputation: 3609Reputation: 3609Reputation: 3609Reputation: 3609Reputation: 3609Reputation: 3609Reputation: 3609Reputation: 3609Reputation: 3609
Hello and welcome to LQ.

I guess there are a few things to note. One is total overall load, two might be driver and three driver settings or options maybe. I assume maybe others.

I think I'd run a different distro maybe. Try untangle linux or go with pfsense or some other. Some of the commercial/open distros offer free or low cost for schools.

Mint isn't really what I'd ever use for security. Too much extra stuff by default.

Soooo. You have choices. Use a much newer kernel. 4.12x. Build a dedicated firewall/UTM. Diag what you have.
Old 07-26-2017, 04:54 PM   #4
LQ Newbie
Registered: Jul 2017
Posts: 4

Original Poster
Rep: Reputation: Disabled
Unfortunately, Business Kid, all software is broken, which is why you have to patch it to eliminate vulnerabilities. Especially in a firewall!

Transplanting the kernel from the working system to the troublesome one seemed like a good idea until I realised I'd also have to transplant the abi, initrd and along with the vmlinuz, as well as modify the boot menu. And the grub docs gave me a headache last time I delved into them. Seems like good way to get an unbootable system and two headaches for the price of one.

But hey, that triggers another thought:

The build that works was probably built on the firewall itself, but the build that doesn't work was built on a very similar machine at home. I then took the HD into school for final tweaks (in particular, IP addressing schema). But the machine I have at home has more RAM. I'm thinking this might account for the larger net parameters reported by sysctl -a. Could these be unsuitable for the machine with less RAM. Is there a way of getting them recalculated for the different environment? I might try pinching the RAM out of this system and putting it in the school one tomorrow.

And Jefro - maybe I wouldn't start from here if I was starting over, but having invested many, many hours getting to the point where I am, I'm not about to change horses now. I did look at pfsense last Summer but couldn't see how to easily run additional software on it such as a web server. And it's a very different beast with its own learning curve.

Regards - Philip


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot analyse normalised routing load as RTR packets show as dropped in trace file Cataj Linux - Networking 13 06-01-2015 10:48 AM
Dropped packets Doolspin Linux - Software 1 10-22-2006 02:22 PM
too much dropped packets...Hi.. alaios Linux - Networking 2 02-10-2005 05:49 AM
tcpdump and dropped packets Blindsight Linux - Networking 5 07-14-2003 11:41 PM
dropped packets... sohmc Linux - Software 3 05-29-2003 10:26 AM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:23 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration