Re: conntrack records not going away?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Tobias DiPasquale <codeslinger@gmail.com>
To: Jason Opperisano <opie@817west.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: conntrack records not going away?
Date: Wed, 22 Dec 2004 07:37:55 -0500	[thread overview]
Message-ID: <876ef97a041222043743ee9a5c@mail.gmail.com> (raw)
In-Reply-To: <1103596432.6589.8.camel@hubcap.ljm.dom>

On Mon, 20 Dec 2004 21:33:52 -0500, Jason Opperisano <opie@817west.com> wrote:
> once a TCP connection gets to ESTABLISHED [ASSURED] state--it will not
> be removed from conntrack until it times out (after 5 days by default
> (432000 seconds)), or one side sends a FIN-ACK packet requesting that
> the connection be torn down.
> 
> it sounds like you're shutting down endpoints after the connections are
> setup, but before they have a chance to close them.

I wasn't able to get a capture that expressed this particular problem.
Every time I did a capture, the FINs were sent properly and the
conntrack records were removed. But I have another question: is what
you're telling me above that the kernel will sometimes not correctly
close a socket that a process has open when it gets killed? Where is
the code in the kernel that governs that behavior?
linux/net/ipv4/tcp_*?

-- 
[ Tobias DiPasquale ]
0x636f6465736c696e67657240676d61696c2e636f6d

next prev parent reply	other threads:[~2004-12-22 12:37 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-12-20 19:19 conntrack records not going away? Tobias DiPasquale
2004-12-20 19:34 ` Tobias DiPasquale
2004-12-21  2:33 ` Jason Opperisano
2004-12-22  7:41   ` Ralf Spenneberg
2004-12-22 13:35     ` Jason Opperisano
2004-12-22 12:37   ` Tobias DiPasquale [this message]
2004-12-22 13:43     ` Jason Opperisano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=876ef97a041222043743ee9a5c@mail.gmail.com \
    --to=codeslinger@gmail.com \
    --cc=netfilter@lists.netfilter.org \
    --cc=opie@817west.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.