kernel-packages team mailing list archive

Thread
Date

[Bug 1270237] [NEW] prevent the conntrack table from filling up in the kernel

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Chris J Arges <1270237@xxxxxxxxxxxxxxxxxx>
Date: Fri, 17 Jan 2014 17:31:33 -0000
Reply-to: Bug 1270237 <1270237@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

[Impact]
When running a server for an extended amount of time the conntrack table can fill up.
Here is the netfilter discussion: http://www.spinics.net/lists/netfilter-devel/msg26759.html

[Fix]
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6547a221871f139cc56328a38105d47c14874cbe

Present in 3.11 >

[Test Case]
>From the patch:
When loose tracking is enabled (default), non-syn packets cause
creation of new conntracks in established state with default timeout for
established state (5 days).  This causes the table to fill up with UNREPLIED
when the 'new ack' packet happened to be the last-ack of a previous,
already timed-out connection.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: linux (Ubuntu Precise)
     Importance: Medium
     Assignee: Chris J Arges (arges)
         Status: In Progress

** Affects: linux (Ubuntu Quantal)
     Importance: Medium
     Assignee: Chris J Arges (arges)
         Status: In Progress

** Affects: linux (Ubuntu Raring)
     Importance: Medium
     Assignee: Chris J Arges (arges)
         Status: In Progress


** Tags: bot-stop-nagging

** Also affects: linux (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Quantal)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Raring)
   Importance: Undecided
       Status: New

** Description changed:

  [Impact]
  When running a server for an extended amount of time the conntrack table can fill up.
  Here is the netfilter discussion: http://www.spinics.net/lists/netfilter-devel/msg26759.html
  
  [Fix]
  https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6547a221871f139cc56328a38105d47c14874cbe
+ 
+ Present in 3.11 >
  
  [Test Case]
  From the patch:
  When loose tracking is enabled (default), non-syn packets cause
  creation of new conntracks in established state with default timeout for
  established state (5 days).  This causes the table to fill up with UNREPLIED
  when the 'new ack' packet happened to be the last-ack of a previous,
  already timed-out connection.

** Changed in: linux (Ubuntu Precise)
     Assignee: (unassigned) => Chris J Arges (arges)

** Changed in: linux (Ubuntu)
     Assignee: Chris J Arges (arges) => (unassigned)

** Changed in: linux (Ubuntu)
       Status: New => Fix Released

** Changed in: linux (Ubuntu Precise)
       Status: New => In Progress

** Changed in: linux (Ubuntu Quantal)
       Status: New => In Progress

** Changed in: linux (Ubuntu Raring)
       Status: New => In Progress

** Changed in: linux (Ubuntu Quantal)
     Assignee: (unassigned) => Chris J Arges (arges)

** Changed in: linux (Ubuntu Raring)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Raring)
     Assignee: (unassigned) => Chris J Arges (arges)

** Changed in: linux (Ubuntu Precise)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu Quantal)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1270237

Title:
  prevent the conntrack table from filling up in the kernel

Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux” source package in Precise:
  In Progress
Status in “linux” source package in Quantal:
  In Progress
Status in “linux” source package in Raring:
  In Progress

Bug description:
  [Impact]
  When running a server for an extended amount of time the conntrack table can fill up.
  Here is the netfilter discussion: http://www.spinics.net/lists/netfilter-devel/msg26759.html

  [Fix]
  https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6547a221871f139cc56328a38105d47c14874cbe

  Present in 3.11 >

  [Test Case]
  From the patch:
  When loose tracking is enabled (default), non-syn packets cause
  creation of new conntracks in established state with default timeout for
  established state (5 days).  This causes the table to fill up with UNREPLIED
  when the 'new ack' packet happened to be the last-ack of a previous,
  already timed-out connection.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1270237/+subscriptions

Follow ups

[Bug 1270237] Re: prevent the conntrack table from filling up in the kernel
From: Chris J Arges, 2014-09-02
[Bug 1270237] Re: prevent the conntrack table from filling up in the kernel
From: Launchpad Bug Tracker, 2014-03-06
[Bug 1270237] Re: prevent the conntrack table from filling up in the kernel
From: Launchpad Bug Tracker, 2014-03-06
[Bug 1270237] Re: prevent the conntrack table from filling up in the kernel
From: Chris J Arges, 2014-02-28
[Bug 1270237] Re: prevent the conntrack table from filling up in the kernel
From: Brad Figg, 2014-02-24
[Bug 1270237] Re: prevent the conntrack table from filling up in the kernel
From: Brad Figg, 2014-02-24
[Bug 1270237] Re: prevent the conntrack table from filling up in the kernel
From: Andy Whitcroft, 2014-02-10
[Bug 1270237] [NEW] prevent the conntrack table from filling up in the kernel
From: Chris J Arges, 2014-01-17

References

[Bug 1270237] [NEW] prevent the conntrack table from filling up in the kernel
From: Chris J Arges, 2014-01-17