On Wed, May 28, 2025 at 6:26 AM ying chen <yc1082463@xxxxxxxxx> wrote:
>
> On Wed, May 28, 2025 at 9:10 PM Florian Westphal <fw@xxxxxxxxx> wrote:
> >
> > ying chen <yc1082463@xxxxxxxxx> wrote:
> > > Hello all,
> > >
> > > I encountered an "nf_conntrack: table full" warning on Linux 6.15-rc4.
> > > Running cat /proc/net/nf_conntrack showed a large number of
> > > connections in the SYN_SENT state.
> > > As is well known, if we attempt to connect to a non-existent port, the
> > > system will respond with an RST and then delete the conntrack entry.
> > > However, when we frequently connect to non-existent ports, the
> > > conntrack entries are not deleted, eventually causing the nf_conntrack
> > > table to fill up.
> >
> > Yes, what do you expect to happen?
> I understand that the conntrack entry should be deleted immediately
> after receiving the RST reply.

Then it probably hints that you do not receive RST for all your SYN packets.
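
An added example, not part of the thread: one way to see from `/proc/net/nf_conntrack` which destinations hold the unreplied SYN_SENT entries, so a packet capture can be aimed there to confirm whether RSTs arrive. The sample lines are constructed, and `parse_entry` and `summarize` are hypothetical helper names.

```python
from collections import Counter

# Constructed sample lines in /proc/net/nf_conntrack format (not taken from the thread).
SAMPLE = """\
ipv4     2 tcp      6 118 SYN_SENT src=10.0.0.5 dst=10.0.0.9 sport=40001 dport=8081 [UNREPLIED] src=10.0.0.9 dst=10.0.0.5 sport=8081 dport=40001 mark=0 zone=0 use=2
ipv4     2 tcp      6 117 SYN_SENT src=10.0.0.5 dst=10.0.0.9 sport=40002 dport=8081 [UNREPLIED] src=10.0.0.9 dst=10.0.0.5 sport=8081 dport=40002 mark=0 zone=0 use=2
ipv4     2 tcp      6 116 SYN_SENT src=10.0.0.5 dst=10.0.0.9 sport=40003 dport=8081 [UNREPLIED] src=10.0.0.9 dst=10.0.0.5 sport=8081 dport=40003 mark=0 zone=0 use=2
ipv4     2 tcp      6 115 SYN_SENT src=10.0.0.5 dst=10.0.0.9 sport=40004 dport=8082 [UNREPLIED] src=10.0.0.9 dst=10.0.0.5 sport=8082 dport=40004 mark=0 zone=0 use=2
ipv4     2 tcp      6 431990 ESTABLISHED src=10.0.0.5 dst=10.0.0.7 sport=51000 dport=22 src=10.0.0.7 dst=10.0.0.5 sport=22 dport=51000 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 25 src=10.0.0.5 dst=10.0.0.1 sport=53311 dport=53 [UNREPLIED] src=10.0.0.1 dst=10.0.0.5 sport=53 dport=53311 mark=0 zone=0 use=2
"""


def parse_entry(line):
    """Parse one conntrack line into (l4proto, tcp_state, original_tuple, unreplied)."""
    fields = line.split()
    if len(fields) < 6:
        return None  # blank or truncated line
    l4proto = fields[2]
    # Layout: l3name l3num l4name l4num timeout [tcp-state] key=value ...
    state = fields[5] if l4proto == "tcp" and "=" not in fields[5] else None
    orig = {}
    for field in fields[5:]:
        key, sep, value = field.partition("=")
        if sep and key in ("src", "dst", "sport", "dport"):
            orig.setdefault(key, value)  # first occurrence = original direction
    return l4proto, state, orig, "[UNREPLIED]" in fields


def summarize(lines):
    """Count TCP states, and unreplied SYN_SENT entries per destination ip:port."""
    states, stuck = Counter(), Counter()
    for line in lines:
        entry = parse_entry(line)
        if entry is None or entry[0] != "tcp":
            continue
        _, state, orig, unreplied = entry
        states[state] += 1
        if state == "SYN_SENT" and unreplied:
            stuck[(orig.get("dst"), orig.get("dport"))] += 1
    return states, stuck


if __name__ == "__main__":
    # On a live host, pass open("/proc/net/nf_conntrack") instead of the sample.
    states, stuck = summarize(SAMPLE.splitlines())
    print(dict(states))
    for (dst, dport), n in stuck.most_common(10):
        print(f"{n:6d} unreplied SYN_SENT -> {dst}:{dport}")
```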