[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Ipables memory footprint
From:       "Paul Albert" <palbert () rovingplanet ! com>
Date:       2003-04-30 16:23:22
[Download RAW message or body]

Hi all - 

I'm running a RH 7.3 box with a 2.4.20 kernel (with the bridge patches)
and iptables v1.2.7a as a bridge.  Last night I received notice that the
machine was out of memory.  After killing all of the java processes that
were running, the machine was still using a substantial amount of memory
(440MB/512MB).  I took the machine to single user mode to see if this
would reduce the memory footprint, but this didn't change things
significantly.

I've run iptables for about a year without problems.  However, some
people belive that it is this code that is causing our problems.  My
questions are as follows:

* Is there a way that I can measure the amount of memory that iptables
is using?

* Is there a way that I can manually flush all of the entries in
/proc/net/ip_conntrack?

* Are there any tools that I could use the monitor the kernel memory
size?

Thanks,
Paul


[prev in list] [next in list] [prev in thread] [next in thread]