Linux Netfilter discussions
From: Vincent Lim <vincent.lim@nestac.com>
To: netfilter@lists.netfilter.org
Subject: conntrack timeout values
Date: Tue, 08 Oct 2002 11:28:04 +0800
Message-ID: <3DA250C4.F8D32F1D@nestac.com>

Folks,

I'm experiencing some problems with conntrack... the reported timeout
values seem to be wrong:

<snip from ip_conntrack_proto_tcp.c>

static unsigned long tcp_timeouts[]
= { 30 MINS,    /*  TCP_CONNTRACK_NONE, */
    5 DAYS,     /*  TCP_CONNTRACK_ESTABLISHED,  */
    2 MINS,     /*  TCP_CONNTRACK_SYN_SENT, */
    60 SECS,    /*  TCP_CONNTRACK_SYN_RECV, */
    2 MINS,     /*  TCP_CONNTRACK_FIN_WAIT, */
    2 MINS,     /*  TCP_CONNTRACK_TIME_WAIT,    */
    10 SECS,    /*  TCP_CONNTRACK_CLOSE,    */
    60 SECS,    /*  TCP_CONNTRACK_CLOSE_WAIT,   */
    30 SECS,    /*  TCP_CONNTRACK_LAST_ACK, */
    2 MINS,     /*  TCP_CONNTRACK_LISTEN,   */
};
<snip>

According to the code, TIME_OUT connections should have a timeout value
of 2 minutes. However, according to my /proc/net/ip_conntrack, some of
the TIME_OUT connections have values well above 2 minutes and some even
close to 5 days (equivalent to ESTABLISHED).

tcp      6 372830 TIME_WAIT src=172.16.1.66 dst=172.16.1.194 sport=4204 dport=110 src=172.16.1.194 dst=172.16.1.66 sport=110 dport=4204 [ASSURED] use=1
tcp      6 179403 TIME_WAIT src=172.16.1.193 dst=172.16.1.194 sport=39197 dport=25 src=172.16.1.194 dst=172.16.1.193 sport=25 dport=39197 [ASSURED] use=1
tcp      6 175904 CLOSE src=172.16.1.193 dst=172.16.1.194 sport=37165 dport=25 src=172.16.1.194 dst=172.16.1.193 sport=25 dport=37165 [ASSURED] use=1

I've reviewed the patch 

http://samba.org/ftp/unpacked/netfilter.old/userspace/patch-o-matic/optimizations/ip_ct_refresh_optimization.patch

and the comments by the authors, it seems that it attempts to fix the
issue I'm facing but evidently it's not working. Can someone shed some
light as to what's going on?

-- 
Vincent Lim
Software Engineer
NESTAC Solution Sdn Bhd
vincent.lim@nestac.com | +(6012) 659-6609
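
A check for the mismatch reported above, as an added example that is not part of the original message or of the netfilter code: it rejoins wrapped /proc/net/ip_conntrack entries and lists every TCP entry whose remaining timeout exceeds the tcp_timeouts[] value for its state. The function and variable names are assumptions, and the fourth sample entry is constructed.

```python
import re

MINS, DAYS = 60, 24 * 60 * 60
# Seconds per state, copied from the tcp_timeouts[] snippet in the message.
TCP_TIMEOUTS = {
    "NONE": 30 * MINS, "ESTABLISHED": 5 * DAYS, "SYN_SENT": 2 * MINS,
    "SYN_RECV": 60, "FIN_WAIT": 2 * MINS, "TIME_WAIT": 2 * MINS,
    "CLOSE": 10, "CLOSE_WAIT": 60, "LAST_ACK": 30, "LISTEN": 2 * MINS}
# Entry layout: "tcp 6 <seconds left> <STATE> src=.. dst=.. sport=.. dport=.. ..."
ENTRY = re.compile(
    r"tcp\s+6\s+(?P<left>\d+)\s+(?P<state>[A-Z_]+)\s+src=(?P<src>\S+)\s+"
    r"dst=(?P<dst>\S+)\s+sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+)")
NEW_ENTRY = re.compile(r"(tcp|udp|icmp|unknown)\s+\d+\s")

def overdue_entries(text):
    """Return (state, seconds_left, table_limit, flow) for each TCP entry whose
    remaining timeout is larger than the table value for its state."""
    entries, found = [], []
    for line in text.splitlines():
        line = line.strip()
        # E-mail wrapping splits entries; a line that does not start with
        # "<proto> <number>" continues the previous entry.
        if NEW_ENTRY.match(line) or not entries:
            entries.append(line)
        elif line:
            entries[-1] += " " + line
    for entry in entries:
        m = ENTRY.match(entry)
        if m and m["state"] in TCP_TIMEOUTS:
            left, limit = int(m["left"]), TCP_TIMEOUTS[m["state"]]
            if left > limit:
                flow = f'{m["src"]}:{m["sport"]} -> {m["dst"]}:{m["dport"]}'
                found.append((m["state"], left, limit, flow))
    return found

# Entries 1-3 are quoted in the message; entry 4 is constructed (inside its limit).
SAMPLE = """\
tcp      6 372830 TIME_WAIT src=172.16.1.66 dst=172.16.1.194 sport=4204
dport=110 src=172.16.1.194 dst=172.16.1.66 sport=110 dport=4204 [ASSURED] use=1
tcp      6 179403 TIME_WAIT src=172.16.1.193 dst=172.16.1.194 sport=39197
dport=25 src=172.16.1.194 dst=172.16.1.193 sport=25 dport=39197 [ASSURED] use=1
tcp      6 175904 CLOSE src=172.16.1.193 dst=172.16.1.194 sport=37165
dport=25 src=172.16.1.194 dst=172.16.1.193 sport=25 dport=37165 [ASSURED] use=1
tcp      6 95 TIME_WAIT src=172.16.1.66 dst=172.16.1.194 sport=4210
dport=110 src=172.16.1.194 dst=172.16.1.66 sport=110 dport=4210 [ASSURED] use=1
"""

if __name__ == "__main__":
    for state, left, limit, flow in overdue_entries(SAMPLE):
        print(f"{state:<10} {left:>7}s left, table value {limit}s  {flow}")
```

On a live system, pass the contents of /proc/net/ip_conntrack to `overdue_entries()` instead of `SAMPLE`.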

