[Bug 49] TCP conntrack entries with huge timeouts

bugzilla-daemon@netfilter.org bugzilla-daemon@netfilter.org
Fri, 14 Feb 2003 10:45:37 +0100


https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=49





------- Additional Comments From arvids@vendomar.lv  2003-02-14 10:45 -------
I have applied the following patches:
 pending/01_ip_conntrack_proto_tcp-lockfix
 pending/02_newnat-udp-helper
 pending/04_ftp-conntrack-msg-fix
 base/iplimit
 base/time

And I have made the following changes to the TCP timeouts:

--- /usr/src/linux/net/ipv4/netfilter/ip_conntrack_proto_tcp.c.orig    
2003-01-15 13:43:37.000000000 +0200
+++ /usr/src/linux/net/ipv4/netfilter/ip_conntrack_proto_tcp.c  2003-01-15
14:48:44.000000000 +0200
@@ -53,13 +53,13 @@
 
 static unsigned long tcp_timeouts[]
 = { 30 MINS,   /*      TCP_CONNTRACK_NONE,     */
-    5 DAYS,    /*      TCP_CONNTRACK_ESTABLISHED,      */
-    2 MINS,    /*      TCP_CONNTRACK_SYN_SENT, */
-    60 SECS,   /*      TCP_CONNTRACK_SYN_RECV, */
-    2 MINS,    /*      TCP_CONNTRACK_FIN_WAIT, */
-    2 MINS,    /*      TCP_CONNTRACK_TIME_WAIT,        */
+    60 MINS,   /*      TCP_CONNTRACK_ESTABLISHED,      */
+    60 SECS,   /*      TCP_CONNTRACK_SYN_SENT, */
+    30 SECS,   /*      TCP_CONNTRACK_SYN_RECV, */
+    60 SECS,   /*      TCP_CONNTRACK_FIN_WAIT, */
+    60 SECS,   /*      TCP_CONNTRACK_TIME_WAIT,        */
     10 SECS,   /*      TCP_CONNTRACK_CLOSE,    */
-    60 SECS,   /*      TCP_CONNTRACK_CLOSE_WAIT,       */
+    10 SECS,   /*      TCP_CONNTRACK_CLOSE_WAIT,       */
     30 SECS,   /*      TCP_CONNTRACK_LAST_ACK, */
     2 MINS,    /*      TCP_CONNTRACK_LISTEN,   */
 };
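
Review bot: The new values in tcp_timeouts[] carry no rationale, and the TCP_CONNTRACK_ESTABLISHED entry needs one most: going from 5 DAYS to 60 MINS means an established connection that stays silent for over an hour loses its conntrack entry, so later packets on that flow no longer match it as an established connection. Please state in the comment beside each changed entry why that value was chosen, and say whether the entries with huge timeouts reported in this bug also appear with the unmodified table. TCP_CONNTRACK_CLOSE_WAIT at 10 SECS now equals TCP_CONNTRACK_CLOSE and is the largest relative cut among the short timers (60 SECS to 10 SECS), so it deserves the same justification, since a peer that is slow to finish closing would have its entry dropped before the close completes.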



