Bug 198479
| Summary: | net.netfilter.nf_conntrack_count always = 0 | ||
|---|---|---|---|
| Product: | Networking | Reporter: | Steffen Winther Sørensen (stefws) |
| Component: | Netfilter/Iptables | Assignee: | networking_netfilter-iptables (networking_netfilter-iptables) |
| Status: | NEW --- | ||
| Severity: | normal | CC: | ajb, toracat |
| Priority: | P1 | ||
| Hardware: | x86-64 | ||
| OS: | Linux | ||
| Kernel Version: | 4.14.12-1 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
|
Description
Steffen Winther Sørensen
2018-01-15 08:14:11 UTC
[quote] patched from EPEL kernel-ml [/quote] I suspect that you are confused. The kernel-ml (& kernel-lt) package sets are from the ELRepo Project _not_ EPEL. Ok right, my mistake/confusion between EPEL and ELrepo sorry :) Assumed it got nothing to do with KPTI, got debian boxes patched with KPTI enabled kernel which still reports nf_conntrack fine (though it's a different kernel version): # dmesg | grep -i isolation [ 0.000000] Kernel/User page tables isolation: enabled # uname -r 4.4.98-3-pve # cat /proc/sys/net/netfilter/nf_conntrack_count 19129 same issue with kernel 4.14.13-1.el6.elrepo.x86_64... also the case with KPTI disabled in 4.14.13-1 |