nf_conntrack: falling back to vmalloc?

Knute Johnson ubuntu at
Mon Jan 16 17:44:59 UTC 2012

On 1/15/2012 7:59 PM, David C. Curtis wrote:
> On 12-01-15 07:32 PM, Ioannis Vranos wrote:
>> On Sun, Jan 15, 2012 at 11:29 PM, Knute
>> Johnson<ubuntu at> wrote:
>>> From the kernel log
>>> 4 Time(s): nf_conntrack: falling back to vmalloc
>>> anybody know what this means?
>> It's a C function. I think you can safely ignore that message.
> To play devils advocate here; vmalloc is a memory allocation call, if
> nf_conntrack (netfilter connection tracker) is using up more memory than
> usual maybe this machine is getting hammered by someone. Internet facing
> machine? Seeing high traffic packet wise? port wise?
> Complete WAG here as I have no idea how nf_conntrack works or in fact
> what it really does.

I pretty sure nf_conntrack is used to keep track of established 
connections coming through the iptables firewall.  What I don't know is 
what is the result of it falling back to vmalloc.  The error doesn't say 
what it was using prior to falling back.

This shows up on my server machine that is connected to the wild.  I 
haven't been having any more than the usual attempts at hacking that a 
server in the wild gets.



Knute Johnson

More information about the ubuntu-users mailing list