Re: Tuning NAT timeout values

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stephen Jones <hivemynd@hivemynd.net>
To: ludi <myhapwcforever@gmail.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Tuning NAT timeout values
Date: Sun, 26 Feb 2006 13:29:05 -0600	[thread overview]
Message-ID: <44020181.4030605@hivemynd.net> (raw)
In-Reply-To: <d27cd2010602260356n640eeb22g@mail.gmail.com>

ludi wrote:
> it maybe help you.
> /usr/src/linux/net/ipv4/netfilter/ip_conntrack_proto_udp.c
> #define UDP_TIMEOUT (30*HZ)
> #define UDP_STREAM_TIMEOUT (180*HZ)
> To change these values you can set up the udp timeout values.
> 
> tcp
> 
> /usr/src/linux/net/ipv4/netfilter/ip_conntrack_proto_tcp.c:
> 
> 
> static unsigned long tcp_timeouts[]
> = { 30 MINS, /* TCP_CONNTRACK_NONE, */
> 5 DAYS, /* TCP_CONNTRACK_ESTABLISHED, */
> 2 MINS, /* TCP_CONNTRACK_SYN_SENT, */
> 60 SECS, /* TCP_CONNTRACK_SYN_RECV, */
> 2 MINS, /* TCP_CONNTRACK_FIN_WAIT, */
> 2 MINS, /* TCP_CONNTRACK_TIME_WAIT, */
> 10 SECS, /* TCP_CONNTRACK_CLOSE, */
> 60 SECS, /* TCP_CONNTRACK_CLOSE_WAIT, */
> 30 SECS, /* TCP_CONNTRACK_LAST_ACK, */
> 2 MINS, /* TCP_CONNTRACK_LISTEN, */
> };
> I only find these , but I am not sure whether it work.

Thanks for your reply ludi!  I saw those in the source code also, but I 
was hoping it would be safe to change them with something like this:

echo ### > /proc/sys/net/ipv4/netfilter/ip_conntrack_generic_timeout

Where the ### is the desired value in seconds. Having to recompile 
sources everytime paramaters like this need to be changed would be 
inconvenient, to say the least. If that is the only way, then so be it. 
Thanks again for your reply!

SJ

     prev parent reply	other threads:[~2006-02-26 19:29 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-02-08 17:30 Last patch-o-matic patches status report Samuel Díaz García
2006-02-23 20:05 ` Tuning NAT timeout values Stephen Jones
2006-02-26 11:56   ` ludi
2006-02-26 19:29     ` Stephen Jones [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=44020181.4030605@hivemynd.net \
    --to=hivemynd@hivemynd.net \
    --cc=myhapwcforever@gmail.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.