On Sun, Jan 30, 2005 at 06:01:46PM +0000, Russell King wrote:
> > OTOH, if conntrack isn't loaded forwarded packets are never defragmented,
> > so frag_list should be empty. So probably false alarm, sorry.
>
> I've just checked Phil's mails - both Phil and myself are using
> netfilter on the troublesome boxen.
>
> Also, since FragCreates is zero, and this does mean that the frag_list
> is not empty in all cases so far where ip_fragment() has been called.
> (Reading the code, if frag_list was empty, we'd have to create some
> fragments, which increments the FragCreates statistic.)

The below testcase seems to illustrate the problem nicely -- ip_dst_cache
grows but never shrinks:

On gateway:

  iptables -I FORWARD -d 10.10.10.0/24 -j DROP

On client:

  for i in `seq 1 254` ; do ping -s 1500 -c 5 -w 1 -f 10.10.10.$i ; done

Phil
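
Added example, not part of the original mail: a small shell helper for watching the ip_dst_cache slab on the gateway while the test case runs, and for flagging the "grows but never shrinks" pattern. The function names and the sample lines are constructed for illustration, and the slabinfo 2.x column layout (name, active_objs, num_objs, ...) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): track a slab cache's object count.

# Print active_objs for the slab cache named $1, reading slabinfo-format
# text on stdin. Assumed slabinfo 2.x columns: name active_objs num_objs ...
# Exits non-zero if the cache is not listed.
slab_active() {
    awk -v name="$1" '
        $1 == name { print $2; found = 1 }
        END        { if (!found) exit 1 }'
}

# Classify a series of samples (oldest first, passed as arguments):
#   leak-suspect  the count never decreased and ended above where it started
#   ok            anything else (flat, or it shrank at least once)
slab_trend() {
    first=$1
    prev=$1
    shrank=0
    for cur in "$@"; do
        [ "$cur" -lt "$prev" ] && shrank=1
        prev=$cur
    done
    if [ "$shrank" -eq 0 ] && [ "$prev" -gt "$first" ]; then
        echo leak-suspect
    else
        echo ok
    fi
}

# Constructed sample lines (not real measurements), slabinfo 2.x layout.
SAMPLE_T0='ip_dst_cache  420  435 256 15 1 : tunables 120 60 0 : slabdata 29 29 0'
SAMPLE_T1='ip_dst_cache 1690 1695 256 15 1 : tunables 120 60 0 : slabdata 113 113 0'

# Live sampling on the gateway (reading /proc/slabinfo usually needs root):
#   a=$(slab_active ip_dst_cache < /proc/slabinfo); sleep 60
#   b=$(slab_active ip_dst_cache < /proc/slabinfo); sleep 60
#   c=$(slab_active ip_dst_cache < /proc/slabinfo)
#   slab_trend "$a" "$b" "$c"
```

Take the samples after the client loop has finished and the routing cache has had time to expire entries; a count that is still climbing or has not dropped at that point matches the behaviour described in the mail.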