prevent the conntrack table from filling up in the kernel
Bug #1270237 reported by Chris J Arges
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Fix Released | Undecided | Unassigned |
Precise | Fix Released | Medium | Chris J Arges |
Quantal | Fix Released | Medium | Chris J Arges |
Raring | Invalid | Medium | Unassigned |
linux-lts-raring (Ubuntu) | Invalid | Undecided | Unassigned |
Precise | Fix Released | Medium | Unassigned |
Quantal | Invalid | Undecided | Unassigned |
Raring | Invalid | Undecided | Unassigned |
Bug Description
[Impact]
When running a server for an extended amount of time the conntrack table can fill up.
Here is the netfilter discussion: http://
Present in 3.11 >
[Test Case]
From the patch:
When loose tracking is enabled (default), non-syn packets cause
creation of new conntracks in established state with default timeout for
established state (5 days). This causes the table to fill up with UNREPLIED
when the 'new ack' packet happened to be the last-ack of a previous,
already timed-out connection.
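An added example (not part of the bug report or the patch): a Python check that scans lines in `/proc/net/nf_conntrack` format for the entries the patch text describes, TCP conntracks in ESTABLISHED state flagged `[UNREPLIED]`. The sample lines are constructed, and the idle time assumes the established timeout is left at the 5-day default.

```python
# Default TCP ESTABLISHED timeout cited in the patch text: 5 days (432000 s).
# Assumption: the host has not changed it.
ESTABLISHED_TIMEOUT = 5 * 24 * 3600

# Constructed sample in /proc/net/nf_conntrack format (not from a real host).
SAMPLE = """\
ipv4     2 tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=192.0.2.10 sport=40112 dport=443 [UNREPLIED] src=192.0.2.10 dst=198.51.100.7 sport=443 dport=40112 mark=0 use=2
ipv4     2 tcp      6 431200 ESTABLISHED src=198.51.100.9 dst=192.0.2.10 sport=51820 dport=443 src=192.0.2.10 dst=198.51.100.9 sport=443 dport=51820 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 300000 ESTABLISHED src=203.0.113.5 dst=192.0.2.10 sport=33000 dport=80 [UNREPLIED] src=192.0.2.10 dst=203.0.113.5 sport=80 dport=33000 mark=0 use=2
ipv4     2 tcp      6 55 SYN_SENT src=203.0.113.8 dst=192.0.2.10 sport=41000 dport=22 [UNREPLIED] src=192.0.2.10 dst=203.0.113.8 sport=22 dport=41000 mark=0 use=2
ipv4     2 udp      17 20 src=192.0.2.10 dst=192.0.2.53 sport=5353 dport=53 [UNREPLIED] src=192.0.2.53 dst=192.0.2.10 sport=53 dport=5353 mark=0 use=2
not a conntrack line
"""

def parse_entry(line):
    """Return (proto, remaining, state, flags, original_tuple), or None if unparsable."""
    f = line.split()
    if len(f) < 6 or not f[1].isdigit() or not f[4].isdigit():
        return None
    proto, remaining = f[2], int(f[4])
    state = f[5] if proto == "tcp" else None   # only TCP entries carry a state name
    flags = {x for x in f if x.startswith("[")}
    orig = {}
    for x in f:                                 # first src/dst/sport/dport = original direction
        key, sep, val = x.partition("=")
        if sep and key in ("src", "dst", "sport", "dport") and key not in orig:
            orig[key] = val
    return proto, remaining, state, flags, orig

def stale_established(lines, timeout=ESTABLISHED_TIMEOUT):
    """TCP entries in ESTABLISHED that never saw a reply, with seconds since last refresh."""
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        _, remaining, state, flags, orig = entry
        if state == "ESTABLISHED" and "[UNREPLIED]" in flags:
            hits.append({**orig, "idle": timeout - remaining})
    return hits

def summarize(lines):
    """Count parsable entries and the share held by unreplied ESTABLISHED ones."""
    lines = list(lines)
    total = sum(1 for line in lines if parse_entry(line) is not None)
    stale = len(stale_established(lines))
    return {"entries": total, "stale": stale,
            "share": round(stale / total, 2) if total else 0.0}

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```

On a live host, pass the open `/proc/net/nf_conntrack` file to `summarize` and compare `entries` against `net.netfilter.nf_conntrack_max`.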
description: | updated |
Changed in linux (Ubuntu Precise): | |
assignee: | nobody → Chris J Arges (arges) |
Changed in linux (Ubuntu): | |
assignee: | Chris J Arges (arges) → nobody |
status: | New → Fix Released |
Changed in linux (Ubuntu Precise): | |
status: | New → In Progress |
Changed in linux (Ubuntu Quantal): | |
status: | New → In Progress |
Changed in linux (Ubuntu Raring): | |
status: | New → In Progress |
Changed in linux (Ubuntu Quantal): | |
assignee: | nobody → Chris J Arges (arges) |
Changed in linux (Ubuntu Raring): | |
importance: | Undecided → Medium |
assignee: | nobody → Chris J Arges (arges) |
Changed in linux (Ubuntu Precise): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Quantal): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Raring): | |
status: | In Progress → Won't Fix |
assignee: | Chris J Arges (arges) → nobody |
status: | Won't Fix → In Progress |
assignee: | nobody → Chris J Arges (arges) |
Changed in linux-lts-raring (Ubuntu Precise): | |
importance: | Undecided → Medium |
assignee: | nobody → Chris J Arges (arges) |
Changed in linux (Ubuntu Raring): | |
assignee: | Chris J Arges (arges) → nobody |
Changed in linux-lts-raring (Ubuntu Quantal): | |
status: | New → Invalid |
Changed in linux-lts-raring (Ubuntu): | |
status: | New → Invalid |
Changed in linux-lts-raring (Ubuntu Raring): | |
status: | New → Invalid |
Changed in linux (Ubuntu Raring): | |
status: | In Progress → Invalid |
Changed in linux (Ubuntu Precise): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Quantal): | |
status: | In Progress → Fix Committed |
Changed in linux-lts-raring (Ubuntu Precise): | |
status: | New → Fix Committed |
tags: |
added: verification-done-precise verification-done-quantal removed: verification-needed-precise verification-needed-quantal |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-precise' to 'verification-done-precise'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!