From: "Julián Muñoz" <jmunoz@telefonica.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Stranger than IPTABLES?
Date: Fri, 07 Jun 2002 18:11:32 +0000 [thread overview]
Message-ID: <marc-lartc-102347355311486@msgid-missing> (raw)
In-Reply-To: <marc-lartc-102340161221340@msgid-missing>
Mldonkey open many connections, so individually they are very slow. Maybe
the TCP timeout is at the maximum (2minutes), so it can take several
minutes to close a connection (maybe 5minutes).
On Fri, 7 Jun 2002, Martin Devera wrote:
> Wow. It is very interesting. Did you tried to read counters
> in iptables -vL and compare counts ? Like to read value from
> /proc/net/dev compare to count of packets at INPUT chain and
> then compare with no of packets in DROP chains.
> It could give us better picture where are the packets going to.
>
> But it seems there is problem with too many connections. The dropping
> may work but remote sites will still try to resend the packets and
> because you have high number of connections there SYNs and duplicates
> will go at least several minutes.
>
> devik
>
> >
> > and same ones for port 4661.
> > What is happening?
> > It looks like Linux is trying to drop these packets, but they are braking down VERY slowly. It seems like linux is unable to handle that and there are still many packets out of iptables control.
> > Look at this:
> > here you can see 'netstat -n' output written after (about half of minute) appending iptables DROP rules:
> >
> > http://josh876.republika.pl/netstat-dropped.txt
> >
> > modem's LED is blinkink randomly from time to time but and it is slowing. But MLDonkey is still reporting downloading.
> >
> > ..and this is after few minutes
> >
> > http://josh876.republika.pl/netstat-dropped-few-minutes.txt
> >
> > MLDonkey is generally not reporting downloading, but it is still happening that it will show download for a very short while.
> >
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>
--
__o
_ \<_
(_)/(_)
Saludos de Julián
EA4ACL
-.-
Foro Wireless Madrid
http://opennetworks.rg3.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
prev parent reply other threads:[~2002-06-07 18:11 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-06-06 22:13 [LARTC] Stranger than IPTABLES? josh
2002-06-07 17:51 ` Martin Devera
2002-06-07 18:02 ` Ciprian Niculescu
2002-06-07 18:11 ` Julián Muñoz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-102347355311486@msgid-missing \
--to=jmunoz@telefonica.net \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.