On 26.03.2004 at 10:01, Mark Tinka wrote:
We run transparent web caches using ipt_REDIRECT, and after upgrading to 2.4.20, found that the conntrack table overflows after a week or so.
There seem to be more issues with the conntrack code introduced with kernels > 2.4.19. We have some systems running SuSE 8.1 (kernel 2.4.21-198) where the conntrack table overflows regardless of its size. There are only some entries in /proc/net/ip_conntrack, but /proc/slabinfo says:

    ip_conntrack 12012 12012 320 1001 1001 1 : 124 62

This is after about one week of uptime. The number of objects rises constantly and results in an unreachable system sooner or later. As an ugly side effect, trying to unload the modules gives 100% CPU usage until reset; a clean shutdown is not possible.
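The comparison described in the mail above (slab objects versus entries listed in /proc/net/ip_conntrack) can be scripted for monitoring. This is an added example, not part of the original mail; it assumes the 2.4 slabinfo 1.1 column layout (name, active objects, total objects, object size, ...), and the function names, thresholds and conntrack sample lines are constructed for illustration.

```python
"""Flag an ip_conntrack slab that holds far more objects than the table lists."""

# Slab line as quoted in the mail; the header line is constructed.
# Assumed columns: name active_objs total_objs objsize slabs... : limit batch
SLABINFO_SAMPLE = """\
slabinfo - version: 1.1 (SMP)
ip_conntrack 12012 12012 320 1001 1001 1 : 124 62
"""

# Constructed /proc/net/ip_conntrack sample using documentation addresses.
CONNTRACK_SAMPLE = """\
tcp 6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=34012 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=34012 [ASSURED] use=1
udp 17 25 src=192.0.2.11 dst=198.51.100.53 sport=1030 dport=53 src=198.51.100.53 dst=192.0.2.11 sport=53 dport=1030 use=1
"""


def slab_usage(slabinfo_text, cache="ip_conntrack"):
    """Return (active_objs, total_objs, objsize) for a cache, or None if absent."""
    for line in slabinfo_text.splitlines():
        fields = line.split()
        if fields and fields[0] == cache:
            if len(fields) < 4:
                raise ValueError("truncated slabinfo line: %r" % line)
            active, total, size = (int(f) for f in fields[1:4])
            return active, total, size
    return None


def visible_entries(conntrack_text):
    """Count the connections the conntrack table actually lists (one per line)."""
    return sum(1 for line in conntrack_text.splitlines() if line.strip())


def check_leak(slabinfo_text, conntrack_text, ratio=10, min_objs=1000):
    """Suspect a leak when active slab objects exceed ratio x listed entries.

    ratio and min_objs are illustrative thresholds, not kernel constants.
    """
    usage = slab_usage(slabinfo_text)
    if usage is None:
        return None  # cache not present, e.g. conntrack module not loaded
    active, _total, size = usage
    listed = visible_entries(conntrack_text)
    unaccounted = max(active - listed, 0)
    suspect = active >= min_objs and active > ratio * max(listed, 1)
    return {"active": active, "listed": listed, "unaccounted": unaccounted,
            "unaccounted_bytes": unaccounted * size, "suspect": suspect}


if __name__ == "__main__":
    print(check_leak(SLABINFO_SAMPLE, CONNTRACK_SAMPLE))
```

On a live system the two strings would be read from /proc/slabinfo and /proc/net/ip_conntrack; sampling the result periodically shows whether the unaccounted count keeps growing.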