On Wed, 28 May 2025, ying chen wrote:
On Wed, May 28, 2025 at 9:45 PM Jozsef Kadlecsik
<kadlec@xxxxxxxxxxxxxxxxx> wrote:
On Wed, 28 May 2025, Eric Dumazet wrote:
On Wed, May 28, 2025 at 6:26 AM ying chen <yc1082463@xxxxxxxxx> wrote:
On Wed, May 28, 2025 at 9:10 PM Florian Westphal <fw@xxxxxxxxx> wrote:
ying chen <yc1082463@xxxxxxxxx> wrote:
Hello all,
I encountered an "nf_conntrack: table full" warning on Linux 6.15-rc4.
Running cat /proc/net/nf_conntrack showed a large number of
connections in the SYN_SENT state.
As is well known, if we attempt to connect to a non-existent port, the
system will respond with an RST and then delete the conntrack entry.
However, when we frequently connect to non-existent ports, the
conntrack entries are not deleted, eventually causing the nf_conntrack
table to fill up.
Yes, what do you expect to happen?
I understand that the conntrack entry should be deleted immediately
after receiving the RST reply.
Then it probably hints that you do not receive RST for all your SYN
packets.
And Eric has got right: because the states are in SYN_SENT then either the
RST packets were not received or out of the window or invalid from other
reasons.
I also suspect it's due to being "out of the window", but I'm not sure why.
tcpdump of the traffic from the targeted machine with both the SYN and RST
packets could help (raw pcap or at least the output with absolute seqs).
Best regards,
Jozsef
