Neighbour table overflow

Message-ID: <3F4B3819.1030302@darkman.de>
Date: Tue, 26 Aug 2003 12:36:09 +0200
From: Sven 'Darkman' Michels <sven@darkman.de>
Subject: Re: [suse-security] kernel: Neighbour table overflow

Schoenwaelder Oliver wrote:
>>Hi,
>>
>>I don't know how to solve the problem on my own: we have a linux firewall
>>(SuSE 7.3, kernel 2.4.16, iptables 1.2.2-60, FreeS/WAN 1.94_0.9.2-41)
>>which is running for more than a year now. Since August, 12th with have
>>lots of messages like
>>
>>Aug 25 10:52:25 batschkapp-ext kernel: NET: 468 messages suppressed.
>>Aug 25 10:52:25 batschkapp-ext kernel: Neighbour table overflow.
>>
>>in messages file. What is strange is that arp tables contains exactly 1023
>>entries, most of them incomplete with IP addresses of our local subnet
>>which are not used and not reachable.
>>Sometimes arp table is correct with about 70 entries, but only for a
>>couple of seconds.

you can 'fix' it by spending more ram for the arp table:

echo 1024 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh3

Dunno if it's really related to blaster, but we had similar problems.

HTH

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here

原文转自：http://www.ltesting.net