problem with conntrack utility and kernel 2.6.14
Deti Fliegl
deti at fliegl.de
Fri Oct 28 11:08:59 CEST 2005
Hi there,
Reading /proc/net/ip_conntrack seems to lock the table as long as being
read which causes delays and loss in network traffic. Now I'm trying to
use the conntrack utility from the subversion repository to list the
conntrack table. This in turn prints out some "Unknown Attribute 5"
lines and what's even worse it runs very often into a segmentation fault at
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000008},
msg_iov(1)=[{"\260\0\0\0\0\1\0\6\0\0\0\0\0\0\0\0\2\0\0\0004\0\2\200\24"...,
8192}], msg_controllen=0, msg_flags=0}, 0) = 176
write(2, "nfnl_parse_attr: deficit (4) len"..., 39nfnl_parse_attr:
deficit (4) len (0).
) = 39
Maybe I'm wrong but it seems to happen due to a race condition when
conntracking entries are being updated by the kernel... (if you like to
reproduce this: just keep a high bandwidth connection open where byte
counters in the conntrack tavle have to be updated very often...)
Deti
More information about the netfilter-devel
mailing list