I have a modified Linux on an ARM9 processor. It was working OK, but yesterday I got this error repeatedly:
kernel: nf_conntrack: table full, dropping packet
I have 2 questions:
- How can I find out what caused the issue? (The device has worked for more than a year without any problem.)
- I did a bit of research and I can fix the issue by temporarily increasing the size of the table –
echo "5096" > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
– and then re-programming the processor. How can I permanently increase the size of the table?
EDIT: (Some more info)
- The output of uname -mrs: Linux 2.6.30.9 armv5tejl; the output of cat /proc/version: Linux version 2.6.30.9 (ytian@softsrv1.iders.ca) (gcc version 4.4.1 (Sourcery G++ Lite 2009q3-67) ) #1 PREEMPT Thu Jan 23 11:58:19 CST 2014. In addition, this distribution doesn't have /etc/sysctl.conf.
- I changed the traffic by looping back two physical Ethernet interfaces on my board and putting both of them on the same vlan to create a loop and crash the board. The "kernel: nf_conntrack: table full, dropping packet" appeared exactly after this. Yet after disconnecting the loop, I keep getting the "kernel: nf_conntrack: table full, dropping packet". Can it be the reason (how can I make sure)?
Best Answer
The problem is most probably a change in the traffic.
You can put an according entry in /etc/sysctl.conf:
See man 5 sysctl.conf and man sysctl.
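An added example, not part of the original question or answer, for the "what caused it" question: it summarises a conntrack table dump by source address, protocol and unreplied entries so the flows filling the table stand out. The sample dump is constructed, and the /proc/net/nf_conntrack and /proc/net/ip_conntrack paths named in the comments are assumed to be available on the target kernel.

```shell
#!/bin/sh
# Added example: summarise a conntrack dump to see what is filling the table.
# On a device, feed it /proc/net/nf_conntrack or /proc/net/ip_conntrack
# (assumed to exist on the target kernel). The sample below is constructed.

sample_table() {
cat <<'EOF'
ipv4     2 udp      17 28 src=10.0.0.5 dst=10.0.0.255 sport=137 dport=137 [UNREPLIED] src=10.0.0.255 dst=10.0.0.5 sport=137 dport=137 mark=0 use=1
ipv4     2 udp      17 27 src=10.0.0.5 dst=10.0.0.255 sport=138 dport=138 [UNREPLIED] src=10.0.0.255 dst=10.0.0.5 sport=138 dport=138 mark=0 use=1
ipv4     2 udp      17 26 src=10.0.0.5 dst=10.0.0.255 sport=5353 dport=5353 [UNREPLIED] src=10.0.0.255 dst=10.0.0.5 sport=5353 dport=5353 mark=0 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=192.168.1.1 sport=40000 dport=22 src=192.168.1.1 dst=192.168.1.10 sport=22 dport=40000 [ASSURED] mark=0 use=1
udp      17 25 src=10.0.0.7 dst=10.0.0.255 sport=137 dport=137 [UNREPLIED] src=10.0.0.255 dst=10.0.0.7 sport=137 dport=137 mark=0 use=1
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=192.168.1.1 sport=40001 dport=80 src=192.168.1.1 dst=192.168.1.10 sport=80 dport=40001 [ASSURED] mark=0 use=1
EOF
}

# Read a dump on stdin and print "count key", most frequent first.
# $1 selects the key: src (original source), proto, or unreplied (sources
# of entries that never saw a reply, typical of floods and broadcast storms).
conntrack_summary() {
    awk -v mode="$1" '
    {
        # nf_conntrack lines start with "ipv4 2"; ip_conntrack lines do not.
        proto = ($1 == "ipv4" || $1 == "ipv6") ? $3 : $1
        src = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) { src = substr($i, 5); break }
        if (mode == "src") n[src]++
        else if (mode == "proto") n[proto]++
        else if (mode == "unreplied" && $0 ~ /\[UNREPLIED\]/) n[src]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Percentage of the table in use: $1 = current entry count, $2 = maximum.
conntrack_usage() {
    echo $(( $1 * 100 / $2 ))
}

echo "top sources:";   sample_table | conntrack_summary src
echo "by protocol:";   sample_table | conntrack_summary proto
echo "unreplied by source:"; sample_table | conntrack_summary unreplied
echo "usage: $(conntrack_usage 5000 5096)%"
```

On the device, pipe the real dump file into conntrack_summary in place of sample_table.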