[Bug 1084] New: display_proc_conntrack_stats missing data
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Fri Aug 26 07:05:41 CEST 2016
https://bugzilla.netfilter.org/show_bug.cgi?id=1084
Bug ID: 1084
Summary: display_proc_conntrack_stats missing data
Product: conntrack-tools
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: conntrack
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: dan at danweeks.net
display_proc_conntrack_stats only parses the first row of values from
/proc/net/stat/nf_conntrack. This means on multiprocessor systems it is often
presenting misleading metrics, missing some of the data. In cases where a CPU
other than the first is performing most of the operations, it can be especially
bad.
In the example below there are many instances where the higher values from the
second processor are unaccounted for.
cat /proc/net/stat/nf_conntrack; sudo -u nobody conntrack -S
entries searched found new invalid ignore delete delete_list insert
insert_failed drop early_drop icmp_error expect_new expect_create
expect_delete search_restart
0000014b 004cfa4f 04e9e53e 0049ce54 0000f543 006fd72d 005cfde7 0045abc6
0032596c 00000007 00000000 00000000 0000023f 00000001 00000002 00000001
00000000
0000014b 0328b028 38a17c68 03934d68 000db985 00c66dbf 03801ca2 01ea65ed
01fdb992 00000003 00000001 00000000 000025c8 00000017 00000016 00000017
00000000
entries 331
searched 5044815
found 82437441
new 4836948
invalid 62787
ignore 7329581
delete 6094311
delete_list 4565958
insert 3299692
insert_failed 7
drop 0
early_drop 0
icmp_error 575
expect_new 1
expect_create 2
expect_delete 1
search_restart 0
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20160826/56addab3/attachment.html>
More information about the netfilter-buglog
mailing list