Your message dated Sat, 8 Jan 2005 14:12:32 +0100
with message-id <[EMAIL PROTECTED]>
and subject line #288197 fixed in the WIP packages
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 2 Jan 2005 12:37:03 +0000
>From [EMAIL PROTECTED] Sun Jan 02 04:37:03 2005
Return-path: <[EMAIL PROTECTED]>
Received: from pasop.tomt.net (pelle.pasop.tomt.net) [217.8.136.222]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cl4yk-0003Ne-00; Sun, 02 Jan 2005 04:37:03 -0800
Received: by pelle.pasop.tomt.net (Postfix, from userid 1000)
id 4AC6564098; Sun, 2 Jan 2005 13:36:57 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Andre Tomt <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: 2.6.10: ip_conntrack ignores RST making the tracking hash blow up in
your
face
X-Mailer: reportbug 3.2
Date: Sun, 02 Jan 2005 13:36:57 +0100
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
Package: kernel
Severity: important
Tags: patch
This is a bug introduced by netfilter ip_conntrack window tracking fixes
introduced in a late 2.6.10-rc, wich should be fixed in the pending
2.6.10 upload to the debian archive (discussed on #debian-kernel).
The window tracking fixed broke RST handling, making the tracking hash
blow up really badly. In my setup it blew up with
net.ipv4.ip_conntrack_max=65536 after a little over 24 hours in use.
With a 5 day established timeout (the default) the hash would probably
grow to somewhere around 300000 entries - each taking rougly 300 bytes,
and this is on a relatively low trafficed firewall (10-20Mbps). Normal
non-buggy operation here is about 1-2000 entries.
The fix attached is currently not been checked over by the guy who broke
it all; but it has been known to work just fine in my setups and others.
More history - and patch:
http://lists.netfilter.org/pipermail/netfilter-devel/2004-December/017908.html
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (1000, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-s1-up
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
---------------------------------------
Received: (at 288197-done) by bugs.debian.org; 8 Jan 2005 13:12:34 +0000
>From [EMAIL PROTECTED] Sat Jan 08 05:12:34 2005
Return-path: <[EMAIL PROTECTED]>
Received: from verein.lst.de (mail.lst.de) [213.95.11.210]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CnGOQ-0005UV-00; Sat, 08 Jan 2005 05:12:34 -0800
Received: from verein.lst.de (localhost [127.0.0.1])
by mail.lst.de (8.12.3/8.12.3/Debian-7.1) with ESMTP id j08DCW6t002313
(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
for <[EMAIL PROTECTED]>; Sat, 8 Jan 2005 14:12:32 +0100
Received: (from [EMAIL PROTECTED])
by verein.lst.de (8.12.3/8.12.3/Debian-6.6) id j08DCWf5002311
for [EMAIL PROTECTED]; Sat, 8 Jan 2005 14:12:32 +0100
Date: Sat, 8 Jan 2005 14:12:32 +0100
From: Christoph Hellwig <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: #288197 fixed in the WIP packages
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.28i
X-Spam-Score: -4.901 () BAYES_00
X-Scanned-By: MIMEDefang 2.39
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
this bug is 2.6.10-only and the WIP packages for 2.6.10 have it fixed
already
