I once found the following messages in the dmesg log:
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
net_ratelimit: 10 callbacks suppressed
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
nf_conntrack: nf_conntrack: table full, dropping packet
net_ratelimit: 3 callbacks suppressed
If dmesg contains a lot of entries, page through them or write them to a file and review them there:
dmesg -T
dmesg -T | less
dmesg -T > ixnfo.com.txt
Notice the two net_ratelimit lines in the output above:
net_ratelimit: 10 callbacks suppressed
net_ratelimit: 3 callbacks suppressed
These messages are not an error. They mean that several messages were not logged: in my example 10 messages were dropped, and then 3 more. This is a mechanism that protects the kernel log against message flooding, for example during denial-of-service attacks. In my case the NAT server was under a DDoS attack of the NTP amplification type, and the following message was being repeated very often:
nf_conntrack: nf_conntrack: table full, dropping packet
Let's look at the relevant kernel parameters (shown here with their default values, which mean that no more than 10 messages can be logged in any 5-second interval):
cat /proc/sys/net/core/message_cost
5
cat /proc/sys/net/core/message_burst
10
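Because the kernel drops the suppressed messages entirely, the number of visible "table full, dropping packet" lines understates how many times the event really occurred. The script below is an added example (not from the original article): it reads dmesg output, counts the nf_conntrack lines that did get logged, adds up every "N callbacks suppressed" counter, and prints the logged, suppressed and estimated total counts. The dmesg excerpt embedded in it is constructed for this example; on a live host you would feed it `dmesg -T` instead.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Accounts for kernel log lines lost to net_ratelimit: each
# "net_ratelimit: N callbacks suppressed" line means N messages were
# never written to the log, so logged + suppressed estimates the real
# number of events.
#
# Caveat: the suppressed counter is shared by every kernel caller of
# net_ratelimit(), so the total is an upper bound for nf_conntrack drops
# when other rate-limited messages are being emitted at the same time.

# Constructed dmesg -T excerpt (not real log data).
SAMPLE_DMESG='[Mon Jan  1 00:00:01 2024] nf_conntrack: nf_conntrack: table full, dropping packet
[Mon Jan  1 00:00:01 2024] nf_conntrack: nf_conntrack: table full, dropping packet
[Mon Jan  1 00:00:06 2024] net_ratelimit: 10 callbacks suppressed
[Mon Jan  1 00:00:06 2024] nf_conntrack: nf_conntrack: table full, dropping packet
[Mon Jan  1 00:00:11 2024] net_ratelimit: 3 callbacks suppressed
[Mon Jan  1 00:00:12 2024] usb 1-1: new high-speed USB device number 2'

# Reads dmesg text on stdin; prints "LOGGED SUPPRESSED TOTAL" on one line.
# Works with plain dmesg, dmesg -T, or journalctl -k output, because it
# locates the "net_ratelimit:" token instead of relying on field positions.
ratelimit_summary() {
    awk '
        /net_ratelimit: [0-9]+ callbacks suppressed/ {
            # The number immediately after "net_ratelimit:" is the drop count.
            for (i = 1; i <= NF; i++)
                if ($i == "net_ratelimit:") { suppressed += $(i + 1); next }
        }
        /nf_conntrack: table full, dropping packet/ { logged++ }
        END { printf "%d %d %d\n", logged, suppressed, logged + suppressed }
    '
}

# Convenience wrapper that runs the summary over the constructed sample.
ratelimit_summary_of_sample() {
    printf '%s\n' "$SAMPLE_DMESG" | ratelimit_summary
}

# Usage on a live host:  dmesg -T | ratelimit_summary
ratelimit_summary_of_sample
```

For the constructed excerpt this prints `3 13 16`: three drop messages reached the log, thirteen were suppressed, so the table-full condition was hit roughly sixteen times. On a real server, feeding the full `dmesg -T` output gives a far more honest picture of how long the conntrack table stayed full than counting visible lines does.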
An example of changing or disabling this protection. The larger the value of net.core.message_cost, the fewer messages are logged, and a value of 0 disables rate limiting altogether (there is no need to disable it, and I don't recommend doing so):
sysctl -w net.core.message_cost=8
echo "net.core.message_cost = 0" >> /etc/sysctl.conf
sysctl -p
By the way, the conntrack table held more than 4,000,000 connections, which exceeded the limit I had configured; that is why the same message was repeated so many times.
See also my article:
Tuning nf_conntrack