conntrack questions
Brian Kuschak
brian.kuschak@skystream.com
Mon, 15 Oct 2001 13:53:10 -0700
Hello,
I'm working on a PPTP/GRE masquerading module and I have a few questions.
1) What is the correct way to tear down a related connection when the master
connection is finished? I tried the following, but the conntrack entries
are not removed from /proc/net/ip_conntrack. (actually neither the master nor
related)

    if (del_timer(&ct->timeout))
        ct->timeout.function((unsigned long)ct);

2) Regarding the timeout for TCP connections: what should the default be?
In my /proc file I see what looks like a huge timeout (120*60*60 seconds,
initially):

    tcp 6 431798 ESTABLISHED src=10.1.1.100 dst=64.165.192.135 sport=12345 dport=1 src=64.165.192.135 dst=64.24.216.76 sport=1 dport=12345 use=1

3) And what about this: Normally I expect the client to initiate the
related connection (GRE packets), so an ip_conntrack_expect_related() works
well. However, when I connect to a Cisco box, it seems the client waits
until it receives GRE packets from the server. How can I account for these
related packets in the opposite direction, since one can only add a single
expect_related() to a connection?
Any help would be most appreciated!
Thanks,
Brian
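
Added example, not part of the original message and not netfilter code: a user-space C parser for the /proc/net/ip_conntrack TCP entry quoted in question 2, reporting the remaining timeout and whether the reply tuple shows address translation. The struct and function names (ct_entry, ct_parse, ct_is_natted, ct_idle_seconds) are hypothetical, and only the TCP line layout shown in the message is assumed.

```c
#include <stdio.h>
#include <string.h>

/* The entry quoted in the message above, joined onto one line. */
static const char SAMPLE[] =
    "tcp 6 431798 ESTABLISHED src=10.1.1.100 dst=64.165.192.135 sport=12345 "
    "dport=1 src=64.165.192.135 dst=64.24.216.76 sport=1 dport=12345 use=1";

struct tuple { char src[16], dst[16]; unsigned sport, dport; };
struct ct_entry {
    char proto[8], state[24];
    unsigned protonum;
    unsigned long timeout;          /* seconds left before the entry expires */
    struct tuple orig, reply;       /* original and expected-reply direction */
};

static int parse_tuple(const char *p, struct tuple *t)
{
    return sscanf(p, "src=%15s dst=%15s sport=%u dport=%u",
                  t->src, t->dst, &t->sport, &t->dport) == 4;
}

/* Parse one TCP entry; returns 0 on success, -1 on a malformed line. */
int ct_parse(const char *line, struct ct_entry *e)
{
    const char *o, *r;
    if (sscanf(line, "%7s %u %lu %23s",
               e->proto, &e->protonum, &e->timeout, e->state) != 4)
        return -1;
    o = strstr(line, "src=");                 /* original-direction tuple */
    r = o ? strstr(o + 4, "src=") : NULL;     /* reply-direction tuple */
    if (!r || !parse_tuple(o, &e->orig) || !parse_tuple(r, &e->reply))
        return -1;
    return 0;
}

/* Untranslated flows have reply == inverted original; any mismatch is NAT. */
int ct_is_natted(const struct ct_entry *e)
{
    return strcmp(e->orig.src, e->reply.dst) != 0 ||
           strcmp(e->orig.dst, e->reply.src) != 0 ||
           e->orig.sport != e->reply.dport || e->orig.dport != e->reply.sport;
}

/* Seconds since the timer was last set, assuming it was set to `initial`. */
long ct_idle_seconds(const struct ct_entry *e, unsigned long initial)
{
    return (long)initial - (long)e->timeout;
}
```

Passing 120*60*60 as `initial`, the value given in the message, shows how long ago the quoted entry's timer was last set.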