On Wed, 28 May 2025, ying chen wrote:
> On Wed, May 28, 2025 at 9:10 PM Florian Westphal <fw@xxxxxxxxx> wrote:
> > ying chen <yc1082463@xxxxxxxxx> wrote:
> > > Hello all,
> > > I encountered an "nf_conntrack: table full" warning on Linux 6.15-rc4.
> > > Running cat /proc/net/nf_conntrack showed a large number of
> > > connections in the SYN_SENT state.
> > > As is well known, if we attempt to connect to a non-existent port, the
> > > system will respond with an RST and then delete the conntrack entry.
> > > However, when we frequently connect to non-existent ports, the
> > > conntrack entries are not deleted, eventually causing the nf_conntrack
> > > table to fill up.
> >
> > Yes, what do you expect to happen?
>
> I understand that the conntrack entry should be deleted immediately
> after receiving the RST reply.

No, the conntrack entry will be in the CLOSE state with the timeout value
of /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_close
Best regards,
Jozsef
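A small script, added here as an example and not part of the thread or of netfilter's own code, that parses the /proc/net/nf_conntrack text format, counts entries per TCP state (SYN_SENT vs. CLOSE being the distinction Jozsef makes above) and relates them to nf_conntrack_max and the two relevant TCP timeouts. The sysctl paths are the real ones; the sample table lines are constructed, and the numeric fallbacks are assumptions used only when the sysctls cannot be read (for instance off-box):

```python
#!/usr/bin/env python3
"""Count conntrack entries per TCP state and relate them to the table size.

Added example, not code from the netfilter thread. It parses the text
format of /proc/net/nf_conntrack; the sysctl paths below are the real
ones, the numeric fallbacks are only used when they cannot be read.
"""
import os
import re
from collections import Counter

SYSCTL_MAX = "/proc/sys/net/netfilter/nf_conntrack_max"
SYSCTL_SYN_SENT = "/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_syn_sent"
SYSCTL_CLOSE = "/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_close"

# Constructed sample of /proc/net/nf_conntrack lines (not taken from the thread):
# two unanswered SYNs, one RST-terminated connection parked in CLOSE, one
# established SSH session and one UDP DNS flow.
SAMPLE_CONNTRACK = """\
ipv4     2 tcp      6 118 SYN_SENT src=10.0.0.5 dst=10.0.0.9 sport=40001 dport=81 [UNREPLIED] src=10.0.0.9 dst=10.0.0.5 sport=81 dport=40001 mark=0 zone=0 use=2
ipv4     2 tcp      6 119 SYN_SENT src=10.0.0.5 dst=10.0.0.9 sport=40002 dport=82 [UNREPLIED] src=10.0.0.9 dst=10.0.0.5 sport=82 dport=40002 mark=0 zone=0 use=2
ipv4     2 tcp      6 9 CLOSE src=10.0.0.5 dst=10.0.0.9 sport=40003 dport=83 src=10.0.0.9 dst=10.0.0.5 sport=83 dport=40003 mark=0 zone=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=10.0.0.9 sport=40004 dport=22 src=10.0.0.9 dst=10.0.0.5 sport=22 dport=40004 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=10.0.0.5 dst=10.0.0.53 sport=50000 dport=53 src=10.0.0.53 dst=10.0.0.5 sport=53 dport=50000 mark=0 zone=0 use=2
"""

_STATE_RE = re.compile(r"^[A-Z_]+$")  # e.g. SYN_SENT, CLOSE, ESTABLISHED


def parse_conntrack_line(line):
    """Return a dict for one /proc/net/nf_conntrack line, or None if malformed."""
    tokens = line.split()
    if len(tokens) < 5:
        return None
    entry = {"l3proto": tokens[0], "l4proto": tokens[2],
             "timeout": int(tokens[4]), "state": None, "flags": [], "orig": {}}
    rest = tokens[5:]
    # TCP (and SCTP) lines carry the protocol state right after the timeout.
    if rest and _STATE_RE.match(rest[0]):
        entry["state"] = rest[0]
        rest = rest[1:]
    for tok in rest:
        if tok.startswith("[") and tok.endswith("]"):
            entry["flags"].append(tok[1:-1])           # UNREPLIED, ASSURED, ...
        elif "=" in tok:
            key, val = tok.split("=", 1)
            # The first src/dst/sport/dport quartet is the original direction;
            # the second is the reply direction, which we skip.
            if key in ("src", "dst", "sport", "dport") and key not in entry["orig"]:
                entry["orig"][key] = val
    return entry


def summarize(text):
    """Count entries per (l4proto, state); non-TCP entries get state '-'."""
    counts = Counter()
    for line in text.splitlines():
        entry = parse_conntrack_line(line)
        if entry is not None:
            counts[(entry["l4proto"], entry["state"] or "-")] += 1
    return counts


def read_sysctl(path, fallback):
    """Read an integer sysctl from /proc, using the fallback if unavailable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return fallback


def sustainable_rate(nf_conntrack_max, timeout_seconds):
    """Steady-state new-entry rate (per second) at which the table is full
    if every entry lives for timeout_seconds: max / timeout."""
    return nf_conntrack_max / timeout_seconds


def assess(text, nf_conntrack_max, syn_sent_timeout, close_timeout):
    """Combine the state counts with the table size and the TCP timeouts."""
    counts = summarize(text)
    total = sum(counts.values())
    return {
        "total": total,
        "fill_ratio": total / nf_conntrack_max,
        "syn_sent": counts[("tcp", "SYN_SENT")],
        "close": counts[("tcp", "CLOSE")],
        "rate_to_fill_via_syn_sent": sustainable_rate(nf_conntrack_max, syn_sent_timeout),
        "rate_to_fill_via_close": sustainable_rate(nf_conntrack_max, close_timeout),
    }


if __name__ == "__main__":
    if os.path.exists("/proc/net/nf_conntrack"):
        with open("/proc/net/nf_conntrack") as fh:
            table = fh.read()
    else:
        table = SAMPLE_CONNTRACK
    # Fallback numbers are assumptions; the live sysctl values are used when readable.
    result = assess(table, read_sysctl(SYSCTL_MAX, 65536),
                    read_sysctl(SYSCTL_SYN_SENT, 120), read_sysctl(SYSCTL_CLOSE, 10))
    for key, value in result.items():
        print(f"{key:>26}: {value}")
```

Run as root on the affected host it reads the live table; elsewhere it falls back to the constructed sample. The two rate figures are the sizing check a defender wants: an entry parked in CLOSE only occupies a slot for nf_conntrack_tcp_timeout_close seconds, whereas an unanswered SYN stays for nf_conntrack_tcp_timeout_syn_sent, so a table that fills while most entries are SYN_SENT with [UNREPLIED] points at hosts that never answer (or filtered traffic) rather than at RST-closed connections, and nf_conntrack_max or the timeouts can be tuned accordingly.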