nf_conntrack: falling back to vmalloc?
ubuntu at knutejohnson.com
Mon Jan 16 17:44:59 UTC 2012
On 1/15/2012 7:59 PM, David C. Curtis wrote:
> On 12-01-15 07:32 PM, Ioannis Vranos wrote:
>> On Sun, Jan 15, 2012 at 11:29 PM, Knute
>> Johnson<ubuntu at knutejohnson.com> wrote:
>>> From the kernel log
>>> 4 Time(s): nf_conntrack: falling back to vmalloc
>>> anybody know what this means?
>> It's a C function. I think you can safely ignore that message.
> To play devils advocate here; vmalloc is a memory allocation call, if
> nf_conntrack (netfilter connection tracker) is using up more memory than
> usual maybe this machine is getting hammered by someone. Internet facing
> machine? Seeing high traffic packet wise? port wise?
> Complete WAG here as I have no idea how nf_conntrack works or in fact
> what it really does.
I pretty sure nf_conntrack is used to keep track of established
connections coming through the iptables firewall. What I don't know is
what is the result of it falling back to vmalloc. The error doesn't say
what it was using prior to falling back.
This shows up on my server machine that is connected to the wild. I
haven't been having any more than the usual attempts at hacking that a
server in the wild gets.
More information about the ubuntu-users