Hi Ben,
Thank you for the quick reply. :-)
OThe only "strange" network related thing on this machine is pgld[1] which
messes heavily with iptables.
> Please provide details of your networking configuration,
> including:
>
> - Are you using ebtables?
No
> - Are you using VLAN devices?
No
Here is ifconfig -a
---
eth0 Link encap:Ethernet HWaddr 00:1c:c4:5c:28:d2
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:17280502 errors:0 dropped:0 overruns:0 frame:0
TX packets:14882131 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:12453053120 (11.5 GiB) TX bytes:13160381323 (12.2 GiB)
Interrupt:17
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:49929 errors:0 dropped:0 overruns:0 frame:0
TX packets:49929 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7632840 (7.2 MiB) TX bytes:7632840 (7.2 MiB)
vif2.0 Link encap:Ethernet HWaddr fe:ff:ff:ff:ff:ff
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7680792 errors:0 dropped:0 overruns:0 frame:0
TX packets:10164315 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:2514841954 (2.3 GiB) TX bytes:3670559977 (3.4 GiB)
xenbr0 Link encap:Ethernet HWaddr 00:1c:c4:5c:28:d2
inet addr:10.0.0.10 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::21c:c4ff:fe5c:28d2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:17967984 errors:0 dropped:0 overruns:0 frame:0
TX packets:14972347 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13275577776 (12.3 GiB) TX bytes:15076571340 (14.0 GiB)
---
iptables -L -n -v
---
Chain INPUT (policy ACCEPT 18M packets, 13G bytes)
pkts bytes target prot opt in out source
destination
371K 30M pgl_in all -- * * 0.0.0.0/0
0.0.0.0/0 ! ctstate RELATED,ESTABLISHED mark match ! 0x14
117K 9242K fail2ban-ssh tcp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 22
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
2128K 5213M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 PHYSDEV match --physdev-out vif2.0 --physdev-is-bridged
1982K 299M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 PHYSDEV match --physdev-in vif2.0 --physdev-is-bridged
0 0 pgl_fwd all -- * * 0.0.0.0/0
0.0.0.0/0 ! ctstate RELATED,ESTABLISHED mark match ! 0x14
Chain OUTPUT (policy ACCEPT 15M packets, 15G bytes)
pkts bytes target prot opt in out source
destination
189K 12M pgl_out all -- * * 0.0.0.0/0
0.0.0.0/0 ! ctstate RELATED,ESTABLISHED mark match ! 0x14
Chain fail2ban-ssh (1 references)
pkts bytes target prot opt in out source
destination
117K 9242K RETURN all -- * * 0.0.0.0/0
0.0.0.0/0
Chain pgl_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 RETURN all -- * * 10.0.0.0/24
10.0.0.0/24
0 0 RETURN all -- * * 0.0.0.0/0
10.0.0.1
0 0 RETURN all -- * * 0.0.0.0/0
127.0.0.1
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 mark match 0xa
0 0 NFQUEUE all -- * * 0.0.0.0/0
0.0.0.0/0 NFQUEUE num 92
Chain pgl_in (1 references)
pkts bytes target prot opt in out source
destination
309K 26M RETURN all -- * * 10.0.0.0/24
0.0.0.0/0
24085 1561K RETURN all -- lo * 0.0.0.0/0
0.0.0.0/0
4274 251K DROP all -- * * 0.0.0.0/0
0.0.0.0/0 mark match 0xa
0 0 RETURN all -- * * 0.0.0.0/0
0.0.0.0/0 source IP range [snip]
0 0 RETURN all -- * * 0.0.0.0/0
0.0.0.0/0 source IP range [snip]
0 0 RETURN all -- * * 0.0.0.0/0
0.0.0.0/0 source IP range [snip]
0 0 RETURN all -- * * 0.0.0.0/0
0.0.0.0/0 source IP range [snip]
0 0 RETURN all -- * * 0.0.0.0/0
0.0.0.0/0 source IP range [snip]
0 0 RETURN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:993
0 0 RETURN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:443
0 0 RETURN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80
0 0 RETURN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:25
4546 263K RETURN tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22
28548 1631K NFQUEUE all -- * * 0.0.0.0/0
0.0.0.0/0 NFQUEUE num 92
---
Let me know if you need to see anything else.
[1] http://sourceforge.net/p/peerguardian/wiki/pgl-Main/
Best regards,
George
On 16 December 2013 17:52, Ben Hutchings <[email protected]> wrote:
> On Mon, Dec 16, 2013 at 09:41:56AM +0000, George B. wrote:
> > Package: src:linux
> > Version: 3.2.51-1
> > Severity: normal
> >
> > Hello,
> >
> > I am seeing the backtrace below in my kernel log after the system has
> been running for several weeks.
> >
> > Looks like it has something to do with Xen - memory leak maybe?
>
> I'm not sure it's directly connected with Xen - I think that an
> interrupt from the physical network interface interrupted a task that
> is part of the netback driver.
>
> This is not necessarily due to a memory leak; more likely this is
> memory fragmentation. Some oddity of your networking configuration
> results in linearising large packets:
>
> [...]
> > [955212.368551] netback/0: page allocation failure: order:3, mode:0x20
> [...]
>
> This means: allocating something between 16 and 32K atomically
> (no waiting allowed).
>
> The call trace appears to show that a packet received by the local TCP
> via a bridge resulted in an immediate transmission, again going
> through the bridge, and that then required this large memory
> allocation.
>
> Please provide details of your networking configuration,
> including:
>
> - Are you using ebtables?
> - Are you using VLAN devices?
>
> Ben.
>
> --
> Ben Hutchings
> Life is like a sewer:
> what you get out of it depends on what you put into it.
>
