*** shocking ip_conntrack timeouts! ***

[Patrick Schaaf]

Raj,

> Hi again, Joszef, how do I go about eliminating the problem...is there
> anything I can do in my present setup...like maybe changing some
> parameters in the related file?
> Or do I have to wait for a patch release?
> The HIGH timeouts are really eating up the ip_conntrack table
> unnecessarily!

Jozsef was pretty clear in his analysis:

> On Tue, 15 Jan 2002, Jozsef Kadlecsik wrote:
> >
> > However, from some kernel release in the 2.4 series up to (at least)
> > 2.4.10, include/linux/list.h contained the following as list_del:
...
> > which simply breaks netfilter.
> >
> > 2.4.13 and above are OK. I haven't checked 2.4.11-12.

So, just get a current kernel (I would recommend 2.4.17, unless
2.4.18 is already out), and the problem should be gone.

If you feel uneasy about using a kernel which does not come
with your distribution: too bad. I doubt that anybody will
take the time to fix older kernels for you.

best regards
  Patrick