K
Size: a a a
2020 May 27
RS
в микротиках на подходе dhcpv4 - added end option (255) validation for both server and client;
разве опция 255 обязательная?
E
Есть еще настройка ядра
net.netfilter.nf_conntrack_helperУ себя я выставлял в еденицу
да, тоже на новом ядре пришлось выставить принудительно в 1.
Иначе писал так:
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
Хотя на старых ядрах он по дефолту в 1
Иначе писал так:
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
Хотя на старых ядрах он по дефолту в 1
ST
Привет. Резко виросла загрузка ЦП в два раза.. в логах чисто, траф не вырос. perf top тоже ничого вроде не показывает
ST
7.29% [kernel] [k] __nf_conntrack_find_get
5.98% [kernel] [k] dst_destroy
5.18% [kernel] [k] __dev_queue_xmit
4.67% [kernel] [k] native_queued_spin_lock_slowpath
4.14% [kernel] [k] nf_conntrack_tuple_taken
3.31% [kernel] [k] nf_conntrack_in
3.00% [kernel] [k] __kmalloc
2.88% [kernel] [k] rcu_process_callbacks
2.29% [kernel] [k] tcp_packet
2.06% [kernel] [k] ixgbe_xmit_frame_ring
2.01% [kernel] [k] vlan_do_receive
1.78% [kernel] [k] nf_hook_slow
1.74% [kernel] [k] __x86_indirect_thunk_rax
1.66% [kernel] [k] hash_conntrack_raw
5.98% [kernel] [k] dst_destroy
5.18% [kernel] [k] __dev_queue_xmit
4.67% [kernel] [k] native_queued_spin_lock_slowpath
4.14% [kernel] [k] nf_conntrack_tuple_taken
3.31% [kernel] [k] nf_conntrack_in
3.00% [kernel] [k] __kmalloc
2.88% [kernel] [k] rcu_process_callbacks
2.29% [kernel] [k] tcp_packet
2.06% [kernel] [k] ixgbe_xmit_frame_ring
2.01% [kernel] [k] vlan_do_receive
1.78% [kernel] [k] nf_hook_slow
1.74% [kernel] [k] __x86_indirect_thunk_rax
1.66% [kernel] [k] hash_conntrack_raw