Hi!
We're using the "conntrack" check on both RHEL5 and RHEL6 boxes, and the check fails on RHEL5 with the errors:
"net.netfilter.nf_conntrack_count" is an unknown key
"net.netfilter.nf_conntrack_max" is an unknown key
I've tracked it down to the fact that the conntrack kernel module was renamed from "ip_conntrack" to "nf_conntrack" sometime after kernel 2.6.18 - which in Red Hat land corresponds to the transition between 5 and 6, hence what we observe. Under the ip_conntrack module, the above keys were called "net.ipv4.netfilter.ip_conntrack_xxx".
The fix is pretty straightforward: it would just involve checking what version of the kernel we're on, then adapting the name of the keys used in the sysctl command. Something like:
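    # Kernel version without the distro suffix, e.g. "2.6.18-398.el5" -> "2.6.18"
    LINUX_KERNEL=$(uname -r | sed -r 's/-.*$//')
    # Compare the fields as numbers: a string "<" inside [[ ]] is lexicographic
    # and would sort 2.6.9 after 2.6.20
    IFS=. read -r KMAJ KMIN KPATCH _ <<< "$LINUX_KERNEL"
    if (( KMAJ < 2 || (KMAJ == 2 && (KMIN < 6 || (KMIN == 6 && KPATCH < 20))) )); then
        # Older kernels: ip_conntrack module
        CONNTRACK_COUNT_KEY='net.ipv4.netfilter.ip_conntrack_count'
        CONNTRACK_MAX_KEY='net.ipv4.netfilter.ip_conntrack_max'
    else
        # Newer kernels: nf_conntrack module
        CONNTRACK_COUNT_KEY='net.netfilter.nf_conntrack_count'
        CONNTRACK_MAX_KEY='net.netfilter.nf_conntrack_max'
    fi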
Then further down, when we run the actual check (lines 55-56), replace the hardcoded command with the variables we've set above:
    USED=$(sysctl -n net.netfilter.nf_conntrack_count)
    MAX=$(sysctl -n net.netfilter.nf_conntrack_max)
with:
    USED=$(sysctl -n "$CONNTRACK_COUNT_KEY")
    MAX=$(sysctl -n "$CONNTRACK_MAX_KEY")
Do you think you could put that quick fix in? Not sure it's the right place to report it, please let me know if it's not! And yeah, we should not be running anything on RHEL5 anymore, but that's another story ;-)
Cheers,
Noemi
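Added example, not part of the original issue or the project's check script: instead of comparing kernel versions, it probes which of the two conntrack key families named above actually exists under /proc/sys, which also handles a host where neither module is loaded. The function names and the optional root-directory argument (there so the logic can be run against a constructed directory tree) are assumptions.

```shell
#!/bin/sh
# Hypothetical helpers (not from the project): select the conntrack sysctl
# keys by probing /proc/sys, then report how full the table is.

# conntrack_prefix [PROC_SYS_ROOT]
# Prints the sysctl key prefix whose _count and _max entries are readable.
# nf_conntrack is tried first, then the older ip_conntrack names.
# Returns 1 when neither is present (conntrack module not loaded).
conntrack_prefix() {
    root=${1:-/proc/sys}
    for prefix in net.netfilter.nf_conntrack net.ipv4.netfilter.ip_conntrack; do
        # sysctl key "a.b.c" maps to the file PROC_SYS_ROOT/a/b/c
        path=$root/$(printf '%s' "$prefix" | tr . /)
        if [ -r "${path}_count" ] && [ -r "${path}_max" ]; then
            printf '%s\n' "$prefix"
            return 0
        fi
    done
    return 1
}

# conntrack_usage [PROC_SYS_ROOT]
# Prints "USED MAX PERCENT". Returns 1 when no key is found or a value is
# not a usable integer, so the caller can report "unknown" instead of
# silently treating a missing key as an empty table.
conntrack_usage() {
    root=${1:-/proc/sys}
    prefix=$(conntrack_prefix "$root") || return 1
    path=$root/$(printf '%s' "$prefix" | tr . /)
    used=$(cat "${path}_count")
    max=$(cat "${path}_max")
    for value in "$used" "$max"; do
        case $value in
            ''|*[!0-9]*) return 1 ;;
        esac
    done
    [ "$max" -gt 0 ] || return 1
    printf '%s %s %s\n' "$used" "$max" $(( used * 100 / max ))
}

# Usage on a live host: conntrack_usage   (reads /proc/sys)
```
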