Bug#668222: Overflowing arp table

Mon, 09 Apr 2012 13:33:22 -0700 

Package: libcurl3
Version: 7.21.0-2.1+squeeze1
After upgrading to this version, none of the servers I maintain displayed any problems except for one machine that uses an ADSL broadband connection with RFC1483. 


Some years ago I managed to configure the modem/router involved (a  
Thomson SpeedTouch 780i WL) to operate in a DHCP spoofing mode so that  
its public IP address is passed on to its only client, a Debian  
GNU/Linux server currently running squeeze. On the server, all I had  
to do was add an extra NIC and give it a simple dhcp client  
configuration. For the latter I use the dhcpcd package, although I  
forget whether this is what allows me to run the isc-dhcp-server on  
the other NIC, or that it's important for the DHCP spoofing trick  
itself.



Anyway , this worked fine for some years until the recent update for  
libcurl3 and libcurl3-gnutls. For me, this update involved only these  
two packages, and the event was followed almost immediately by these  
error messages in the syslog:


1.)  kernel: [5470349.890390] Neighbour table overflow.
1a.) kernel: [5470359.920776] __ratelimit: 1766 callbacks suppressed


Error 1a appeared regularly, once every 10 times for error 1. Six  
hours after the update, I also started seeing this error in the syslog:


2.)  kernel: [527233.379270] nf_conntrack: table full, dropping packet.


Whenever the error types 1 or 2 two would start, hundreds would  
usually appear within the space of a few minutes and then stop. The  
server is mostly quiet, but such events would occur several times a day.



Eventually I examined the arp table, which turned out to have far too  
many entries. Instead of having just a few local IP/MAC address  
combinations, it was full of public IP addresses. Only, in these cases  
the MAC address was always the same -- I suspect it's the MAC address  
of the nearby DSLAM, the IP address of which is the server's default  
gateway. I tried a server reboot, but afterwards the arp table quickly  
filled up and the errors continued.



After downgrading libcurl3 and libcurl3-gnutls to version 7.21.0-2,  
the error messages disappeared. For some reason the arp table did not  
clear up, even after several days, so the server was rebooted again  
and now it's fine.



I don't know how, but it seems clear to me that the most recent  
version of libcurl3 and/or libcurl3-gnutls introduced a bug that only  
affects certain systems, such as the one described above.




--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org























					Reply via email to