Hi Ben, Thank you for the quick reply. :-)
OThe only "strange" network related thing on this machine is pgld[1] which messes heavily with iptables. > Please provide details of your networking configuration, > including: > > - Are you using ebtables? No > - Are you using VLAN devices? No Here is ifconfig -a --- eth0 Link encap:Ethernet HWaddr 00:1c:c4:5c:28:d2 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:17280502 errors:0 dropped:0 overruns:0 frame:0 TX packets:14882131 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:12453053120 (11.5 GiB) TX bytes:13160381323 (12.2 GiB) Interrupt:17 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:49929 errors:0 dropped:0 overruns:0 frame:0 TX packets:49929 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:7632840 (7.2 MiB) TX bytes:7632840 (7.2 MiB) vif2.0 Link encap:Ethernet HWaddr fe:ff:ff:ff:ff:ff inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:7680792 errors:0 dropped:0 overruns:0 frame:0 TX packets:10164315 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:32 RX bytes:2514841954 (2.3 GiB) TX bytes:3670559977 (3.4 GiB) xenbr0 Link encap:Ethernet HWaddr 00:1c:c4:5c:28:d2 inet addr:10.0.0.10 Bcast:10.0.0.255 Mask:255.255.255.0 inet6 addr: fe80::21c:c4ff:fe5c:28d2/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:17967984 errors:0 dropped:0 overruns:0 frame:0 TX packets:14972347 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:13275577776 (12.3 GiB) TX bytes:15076571340 (14.0 GiB) --- iptables -L -n -v --- Chain INPUT (policy ACCEPT 18M packets, 13G bytes) pkts bytes target prot opt in out source destination 371K 30M pgl_in all -- * * 0.0.0.0/0 0.0.0.0/0 ! ctstate RELATED,ESTABLISHED mark match ! 0x14 117K 9242K fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 2128K 5213M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out vif2.0 --physdev-is-bridged 1982K 299M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vif2.0 --physdev-is-bridged 0 0 pgl_fwd all -- * * 0.0.0.0/0 0.0.0.0/0 ! ctstate RELATED,ESTABLISHED mark match ! 0x14 Chain OUTPUT (policy ACCEPT 15M packets, 15G bytes) pkts bytes target prot opt in out source destination 189K 12M pgl_out all -- * * 0.0.0.0/0 0.0.0.0/0 ! ctstate RELATED,ESTABLISHED mark match ! 0x14 Chain fail2ban-ssh (1 references) pkts bytes target prot opt in out source destination 117K 9242K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 Chain pgl_fwd (1 references) pkts bytes target prot opt in out source destination 0 0 RETURN all -- * * 10.0.0.0/24 10.0.0.0/24 0 0 RETURN all -- * * 0.0.0.0/0 10.0.0.1 0 0 RETURN all -- * * 0.0.0.0/0 127.0.0.1 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xa 0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92 Chain pgl_in (1 references) pkts bytes target prot opt in out source destination 309K 26M RETURN all -- * * 10.0.0.0/24 0.0.0.0/0 24085 1561K RETURN all -- lo * 0.0.0.0/0 0.0.0.0/0 4274 251K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0xa 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range [snip] 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range [snip] 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range [snip] 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range [snip] 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 source IP range [snip] 0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 4546 263K RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 28548 1631K NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 92 --- Let me know if you need to see anything else. [1] http://sourceforge.net/p/peerguardian/wiki/pgl-Main/ Best regards, George On 16 December 2013 17:52, Ben Hutchings <b...@decadent.org.uk> wrote: > On Mon, Dec 16, 2013 at 09:41:56AM +0000, George B. wrote: > > Package: src:linux > > Version: 3.2.51-1 > > Severity: normal > > > > Hello, > > > > I am seeing the backtrace below in my kernel log after the system has > been running for several weeks. > > > > Looks like it has something to do with Xen - memory leak maybe? > > I'm not sure it's directly connected with Xen - I think that an > interrupt from the physical network interface interrupted a task that > is part of the netback driver. > > This is not necessarily due to a memory leak; more likely this is > memory fragmentation. Some oddity of your networking configuration > results in linearising large packets: > > [...] > > [955212.368551] netback/0: page allocation failure: order:3, mode:0x20 > [...] > > This means: allocating something between 16 and 32K atomically > (no waiting allowed). > > The call trace appears to show that a packet received by the local TCP > via a bridge resulted in an immediate transmission, again going > through the bridge, and that then required this large memory > allocation. > > Please provide details of your networking configuration, > including: > > - Are you using ebtables? > - Are you using VLAN devices? > > Ben. > > -- > Ben Hutchings > Life is like a sewer: > what you get out of it depends on what you put into it. >