netfilter-devel.vger.kernel.org archive mirror
From: Patrick McHardy <kaber@trash.net>
To: Krzysztof Oledzki <ole@ans.pl>
Cc: davem@davemloft.net, netfilter-devel@vger.kernel.org
Subject: Re: netfilter 01/03: nf_conntrack_tcp: decrease timeouts while data in unacknowledged
Date: Fri, 26 Jun 2009 17:14:35 +0200
Message-ID: <4A44E5DB.8000304@trash.net>
In-Reply-To: <alpine.LNX.1.10.0906261627500.2240@bizon.gios.gov.pl>

Krzysztof Oledzki wrote:
> This patch kills long living ftp transfers from one of my hosts. I'm not 
> able to transfer large files if it takes more than 
> net.netfilter.nf_conntrack_tcp_timeout_unacknowledged seconds.
> 
> After logging in to the remote host and issuing any FTP command (ls or
> put/get for example) the tuple's timeout is reduced. Additional commands are
> able to bump it but only up to
> net.netfilter.nf_conntrack_tcp_timeout_unacknowledged.
>
> It seems that the IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED flag is never cleared.
> 
> Tested on 2.6.28.10.

Interesting, are you using the FTP NAT helper?

I'm guessing there is some bad interaction between sequence number
adjustments when changing the packet sizes and sequence number
tracking in conntrack.

Thread overview: 12+ messages
2008-07-31  6:33 netfilter 00/03: netfilter update/fixes Patrick McHardy
2008-07-31  6:33 ` netfilter 01/03: nf_conntrack_tcp: decrease timeouts while data in unacknowledged Patrick McHardy
2008-07-31  7:38   ` David Miller
2009-06-26 14:39   ` Krzysztof Oledzki
2009-06-26 15:14     ` Patrick McHardy [this message]
2009-06-26 16:31       ` Krzysztof Oledzki
2009-06-26 17:03         ` Patrick McHardy
2009-06-26 17:31           ` Krzysztof Oledzki
2009-06-29 12:20             ` Patrick McHardy
2008-07-31  6:33 ` netfilter 02/03: ipt_recent: fix race between recent_mt_destroy and proc manipulations Patrick McHardy
2008-07-31  6:33 ` netfilter 03/03: xt_hashlimit: fix race between htable_destroy and htable_gc Patrick McHardy
2008-07-31  7:39   ` David Miller
