[LARTC] flush ip_conntrack table manually?

[LARTC] flush ip_conntrack table manually?

[Patrick Nagelschmidt]

i just got a 'ip_conntrack: table full, dropping packet' because a 
p2p-application ran amok. i've killed the process but 
/proc/net/ip_conntrack still got more than 7000 (now stale) entries of 8184 
max. since the table is now after ~70 minutes down to 6995 entries, i 
wonder if i can flush this table manually. the entries in there look like

tcp      6 155674 ESTABLISHED src=x.x.x.x dst=y.y.y.y sport\x1234 dportV78 
src=y.y.y.y dst=x.x.x.x sportV78 dport\x1234 [ASSURED] use=1

and if i get ip_conntrack_proto_tcp.c right, the default timeout for 
ESTABLISHED is 5 days. but i dont want to wait that long :(


Patrick

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] flush ip_conntrack table manually?

[Jose Luis Domingo Lopez]

On Friday, 21 February 2003, at 15:52:55 +0100,
Patrick Nagelschmidt wrote:

> and if i get ip_conntrack_proto_tcp.c right, the default timeout for 
> ESTABLISHED is 5 days. but i dont want to wait that long :(
> 
You are right, some people change this default value in the sources and
recompile because they think this 5-day period is way too high. The only
way I know to flush the connection tracking information is to unload
ip_conntrack, and all the modules that depend on it.

Hope it helps.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Sid (Linux 2.4.20-xfsip)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/