LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Red Hat (https://www.linuxquestions.org/questions/red-hat-31/)
-   -   ip_conntrack: table full, dropping packet (https://www.linuxquestions.org/questions/red-hat-31/ip_conntrack-table-full-dropping-packet-615436/)

masterross 01-22-2008 05:49 AM

ip_conntrack: table full, dropping packet
 
hello,

I have problem with ip_conntrack.
Seems like it's overloaded

I'm on CentOS 5.0
custom kernel 2.6.18.2

here is the msg:
Code:

Jan 22 12:46:11 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:16 rsn kernel: printk: 395 messages suppressed.
Jan 22 12:46:16 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:21 rsn kernel: printk: 403 messages suppressed.
Jan 22 12:46:21 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:27 rsn kernel: printk: 326 messages suppressed.
Jan 22 12:46:27 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:31 rsn kernel: printk: 343 messages suppressed.
Jan 22 12:46:31 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:36 rsn kernel: printk: 447 messages suppressed.
Jan 22 12:46:36 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:41 rsn kernel: printk: 313 messages suppressed.
Jan 22 12:46:41 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:46 rsn kernel: printk: 374 messages suppressed.
Jan 22 12:46:46 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:51 rsn kernel: printk: 590 messages suppressed.
Jan 22 12:46:51 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:56 rsn kernel: printk: 497 messages suppressed.
Jan 22 12:46:56 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:01 rsn kernel: printk: 447 messages suppressed.
Jan 22 12:47:01 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:06 rsn kernel: printk: 450 messages suppressed.
Jan 22 12:47:06 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:11 rsn kernel: printk: 322 messages suppressed.
Jan 22 12:47:11 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:16 rsn kernel: printk: 372 messages suppressed.
Jan 22 12:47:16 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:21 rsn kernel: printk: 390 messages suppressed.
Jan 22 12:47:21 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:26 rsn kernel: printk: 377 messages suppressed.
Jan 22 12:47:26 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:31 rsn kernel: printk: 445 messages suppressed.
Jan 22 12:47:31 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:36 rsn kernel: printk: 374 messages suppressed.
Jan 22 12:47:36 rsn kernel: ip_conntrack: table full, dropping packet.

any suggestions?

masterross 01-22-2008 06:18 AM

here is a part of tcpdump -i eth0 -nv


Code:

230.229.http: ., cksum 0xa2aa (correct), ack 7060 win 65535
13:00:06.765765 IP (tos 0x0, ttl 112, id 45285, offset 0, flags [DF], proto: TCP (6), length: 398) 89.4.199.217.60872 > xxx.xxx.xxx.xxx.sso-service: P 0:358(358) ack 1 win 17424
13:00:06.765778 IP (tos 0x0, ttl  64, id 19156, offset 0, flags [DF], proto: TCP (6), length: 40) xxx.xxx.xxx.xxx.sso-service > 89.4.199.217.60872: ., cksum 0x406f (correct), ack 358 win 6432
13:00:06.765871 IP (tos 0x0, ttl  64, id 19157, offset 0, flags [DF], proto: TCP (6), length: 312) xxx.xxx.xxx.xxx.sso-service > 89.4.199.217.60872: P 1:273(272) ack 358 win 6432
13:00:06.765882 IP (tos 0x0, ttl  64, id 19158, offset 0, flags [DF], proto: TCP (6), length: 40) xxx.xxx.xxx.xxx.sso-service > 89.4.199.217.60872: F, cksum 0x3f5e (correct), 273:273(0) ack 358 win 6432
13:00:06.766843 IP (tos 0x0, ttl  57, id 19114, offset 0, flags [DF], proto: TCP (6), length: 60) 195.189.142.140.38756 > xxx.xxx.xxx.xxx.http: S, cksum 0x484a (correct), 366364356:366364356(0) win 5840 <mss 1460,sackOK,timestamp 1508379758 0,nop,wscale 7>
13:00:06.767326 IP (tos 0x0, ttl  57, id 33277, offset 0, flags [DF], proto: TCP (6), length: 60) 195.189.142.140.38757 > xxx.xxx.xxx.xxx.http: S, cksum 0x0194 (correct), 364678547:364678547(0) win 5840 <mss 1460,sackOK,timestamp 1508379758 0,nop,wscale 7>
13:00:06.768583 IP (tos 0x0, ttl 114, id 4100, offset 0, flags [DF], proto: TCP (6), length: 40) 59.95.39.149.navbuddy > xxx.xxx.xxx.xxx.http: ., cksum 0x2faf (correct), ack 7200 win 65535
13:00:06.769084 IP (tos 0x0, ttl 116, id 26020, offset 0, flags [DF], proto: TCP (6), length: 48) 220.224.124.41.citrixadmin > xxx.xxx.xxx.xxx.http: S, cksum 0xa627 (correct), 3034532086:3034532086(0) win 16384 <mss 1460,nop,nop,sackOK>
13:00:06.769105 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 44) xxx.xxx.xxx.xxx.http > 220.224.124.41.citrixadmin: S, cksum 0x8521 (correct), 334449469:334449469(0) ack 3034532087 win 5840 <mss 1460>
13:00:06.769108 IP (tos 0x0, ttl 116, id 26021, offset 0, flags [DF], proto: TCP (6), length: 48) 220.224.124.41.fjappmgrbulk > xxx.xxx.xxx.xxx.http: S, cksum 0x1509 (correct), 4076182529:4076182529(0) win 16384 <mss 1460,nop,nop,sackOK>
13:00:06.769114 IP (tos 0x0, ttl  52, id 10487, offset 0, flags [DF], proto: TCP (6), length: 40) 58.69.51.124.50121 > xxx.xxx.xxx.xxx.sso-service: ., cksum 0xf975 (correct), ack 96 win 16850
13:00:06.769233 IP (tos 0x0, ttl 116, id 26022, offset 0, flags [DF], proto: TCP (6), length: 48) 220.224.124.41.fjmpss > xxx.xxx.xxx.xxx.http: S, cksum 0xa6e5 (correct), 3824818465:3824818465(0) win 16384 <mss 1460,nop,nop,sackOK>
13:00:06.770264 IP (tos 0x0, ttl  57, id 32612, offset 0, flags [DF], proto: TCP (6), length: 52) 195.189.142.140.38683 > xxx.xxx.xxx.xxx.http: ., cksum 0xf4ab (correct), ack 31190 win 65160 <nop,nop,timestamp 1508379759 119928062>
13:00:06.770461 IP (tos 0x0, ttl 110, id 28641, offset 0, flags [DF], proto: TCP (6), length: 48) 24.143.231.119.gdp-port > xxx.xxx.xxx.xxx.sso-service: S, cksum 0x6a7d (correct), 1372683647:1372683647(0) win 64240 <mss 1460,nop,nop,sackOK>
13:00:06.771007 IP (tos 0x0, ttl  52, id 10488, offset 0, flags [DF], proto: TCP (6), length: 40) 58.69.51.124.50121 > xxx.xxx.xxx.xxx.sso-service: F, cksum 0xf974 (correct), 334:334(0) ack 96 win 16850
13:00:06.771014 IP (tos 0x0, ttl  64, id 63042, offset 0, flags [DF], proto: TCP (6), length: 40) xxx.xxx.xxx.xxx.sso-service > 58.69.51.124.50121: ., cksum 0x2227 (correct), ack 335 win 6432
13:00:06.772001 IP (tos 0x0, ttl 115, id 61229, offset 0, flags [DF], proto: TCP (6), length: 40) 91.148.102.104.62080 > xxx.xxx.xxx.xxx.http: ., cksum 0x5b29 (correct), ack 4266 win 65535
13:00:06.772583 IP (tos 0x0, ttl 109, id 55646, offset 0, flags [DF], proto: TCP (6), length: 40) 59.95.78.32.socorfs > xxx.xxx.xxx.xxx.http: ., cksum 0xa2aa (correct), ack 8472 win 64123
13:00:06.773810 IP (tos 0x0, ttl 114, id 4101, offset 0, flags [DF], proto: TCP (6), length: 40) 59.95.39.149.navbuddy > xxx.xxx.xxx.xxx.http: ., cksum 0x2a0f (correct), ack 8640 win 65535
13:00:06.775177 IP (tos 0x0, ttl 116, id 35377, offset 0, flags [DF], proto: TCP (6), length: 48) 85.197.222.45.12868 > xxx.xxx.xxx.xxx.sso-service: S, cksum 0x36dd (correct), 3790126493:3790126493(0) win 65535 <mss 1452,nop,nop,sackOK>
13:00:06.775199 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 44) xxx.xxx.xxx.xxx.sso-service > 85.197.222.45.12868: S, cksum 0x14f1 (correct), 326962317:326962317(0) ack 3790126494 win 5840 <mss 1460>
13:00:06.775227 IP (tos 0x0, ttl 115, id 17730, offset 0, flags [DF], proto: TCP (6), length: 40) 86.121.19.152.apc-2260 > xxx.xxx.xxx.xxx.http: ., cksum 0xe38f (correct), ack 5760 win 65535
13:00:06.775238 IP (tos 0x0, ttl  64, id 21623, offset 0, flags [DF], proto: TCP (6), length: 4360) xxx.xxx.xxx.xxx.http > 86.121.19.152.apc-2260: . 7200:11520(4320) ack 1 win 7160
13:00:06.776498 IP (tos 0x0, ttl 111, id 56379, offset 0, flags [DF], proto: TCP (6), length: 40) 124.217.42.105.syncserver > xxx.xxx.xxx.xxx.http: ., cksum 0x7b52 (correct), ack 4297 win 65535
13:00:06.776508 IP (tos 0x0, ttl  64, id 43055, offset 0, flags [DF], proto: TCP (6), length: 4336) xxx.xxx.xxx.xxx.http > 124.217.42.105.syncserver: . 5729:10025(4296) ack 0 win 7180
13:00:06.777007 IP (tos 0x0, ttl  52, id 10489, offset 0, flags [DF], proto: TCP (6), length: 40) 58.69.51.124.50123 > xxx.xxx.xxx.xxx.sso-service: ., cksum 0x4b0d (correct), ack 96 win 16850
13:00:06.777991 IP (tos 0x0, ttl 113, id 28754, offset 0, flags [DF], proto: TCP (6), length: 48) 60.50.130.107.etftp > xxx.xxx.xxx.xxx.sso-service: S, cksum 0x4610 (correct), 997555797:997555797(0) win 30492 <mss 1432,nop,nop,sackOK>
13:00:06.777999 IP (tos 0x0, ttl  52, id 10490, offset 0, flags [DF], proto: TCP (6), length: 40) 58.69.51.124.50123 > xxx.xxx.xxx.xxx.sso-service: F, cksum 0x4b0c (correct), 340:340(0) ack 96 win 16850
13:00:06.778005 IP (tos 0x0, ttl  64, id 50103, offset 0, flags [DF], proto: TCP (6), length: 40) xxx.xxx.xxx.xxx.sso-service > 58.69.51.124.50123: ., cksum 0x73be (correct), ack 341 win 6432
13:00:06.779030 IP (tos 0x0, ttl 114, id 7016, offset 0, flags [DF], proto: TCP (6), length: 40) 219.74.32.207.50148 > xxx.xxx.xxx.xxx.sso-service: ., cksum 0x83b3 (correct), ack 68 win 64174
13:00:06.779607 IP (tos 0x0, ttl  57, id 32613, offset 0, flags [DF], proto: TCP (6), length: 52) 195.189.142.140.38683 > xxx.xxx.xxx.xxx.http: F, cksum 0xf4a8 (correct), 1006:1006(0) ack 31190 win 65160 <nop,nop,timestamp 1508379761 119928062>
13:00:06.779614 IP (tos 0x0, ttl  64, id 5831, offset 0, flags [DF], proto: TCP (6), length: 52) xxx.xxx.xxx.xxx.http > 195.189.142.140.38683: ., cksum 0xd75d (correct), ack 1007 win 7035 <nop,nop,timestamp 119928151 1508379761>
13:00:06.779619 IP (tos 0x0, ttl 114, id 7017, offset 0, flags [DF], proto: TCP (6), length: 40) 219.74.32.207.50148 > xxx.xxx.xxx.xxx.sso-service: F, cksum 0x83b2 (correct), 349:349(0) ack 68 win 64174
13:00:06.779624 IP (tos 0x0, ttl  64, id 14969, offset 0, flags [DF], proto: TCP (6), length: 40) xxx.xxx.xxx.xxx.sso-service > 219.74.32.207.50148: ., cksum 0x6541 (correct), ack 350 win 6432
13:00:06.779628 IP (tos 0x0, ttl  57, id 60438, offset 0, flags [DF], proto: TCP (6), length: 52) 195.189.142.140.38680 > xxx.xxx.xxx.xxx.http: F, cksum 0x4b9c (correct), 1023:1023(0) ack 1073 win 7497 <nop,nop,timestamp 1508379761 119927985>
13:00:06.779634 IP (tos 0x0, ttl  64, id 33208, offset 0, flags [DF], proto: TCP (6), length: 52) xxx.xxx.xxx.xxx.http > 195.189.142.140.38680: ., cksum 0x4c4d (correct), ack 1024 win 7154 <nop,nop,timestamp 119928151 1508379761>
13:00:06.781784 IP (tos 0x0, ttl 111, id 45286, offset 0, flags [DF], proto: TCP (6), length: 52) 89.4.199.217.60896 > xxx.xxx.xxx.xxx.sso-service: S, cksum 0x86cc (correct), 2367669736:2367669736(0) win 16384 <mss 1452,nop,wscale 0,nop,nop,sackOK>
13:00:06.782700 IP (tos 0x0, ttl  52, id 10491, offset 0, flags [DF], proto: TCP (6), length: 40) 58.69.51.124.50124 > xxx.xxx.xxx.xxx.sso-service: ., cksum 0x110e (correct), ack 140 win 16806
13:00:06.782988 IP (tos 0x0, ttl 122, id 31630, offset 0, flags [DF], proto: TCP (6), length: 40) 86.82.152.254.21041 > xxx.xxx.xxx.xxx.sso-service: ., cksum 0xec46 (correct), ack 68 win 64174
13:00:06.783681 IP (tos 0x0, ttl  52, id 10492, offset 0, flags [DF], proto: TCP (6), length: 40) 58.69.51.124.50124 > xxx.xxx.xxx.xxx.sso-service: F, cksum 0x110d (correct), 336:336(0) ack 140 win 16806
13:00:06.783687 IP (tos 0x0, ttl  64, id 57517, offset 0, flags [DF], proto: TCP (6), length: 40) xxx.xxx.xxx.xxx.sso-service > 58.69.51.124.50124: ., cksum 0x3993 (correct), ack 337 win 6432
13:00:06.784047 IP (tos 0x0, ttl  51, id 52171, offset 0, flags [DF], proto: TCP (6), length: 40) 195.142.236.12.40173 > xxx.xxx.xxx.xxx.http: ., cksum 0xcbc8 (correct), ack 1 win 65535
13:00:06.785826 IP (tos 0x0, ttl  51, id 52172, offset 0, flags [DF], proto: TCP (6), length: 728) 195.

where xxx.xxx.xxx.xxx in my server IP

masterross 01-23-2008 09:11 AM

So there are no Linux gurus here? Right?
:)

alose 02-04-2008 09:48 AM

Your ip_conntrack table is full. This is the table the kernel uses to track forwarded packets. To see how many connections are currently being tracked :
Code:

sysctl net.ipv4.netfilter.ip_conntrack_max
It should be safe to double the number:
Code:

sysctl -w  net.ipv4.netfilter.ip_conntrack_max=2x#
Should that not cause any problems edit
Code:

/etc/sysctl.conf
and add the following line:
Code:

net.ipv4.netfilter.ip_conntrack_max=2x#
This will make the change permanent should you need to reboot the box.


All times are GMT -5. The time now is 03:27 PM.