(iptables) ip_conntrack bug?
Rusty Russell
rusty@linuxcare.com.au
Fri, 17 Nov 2000 14:15:48 +1100
In message <Pine.LNX.4.21.0011160152340.18364-100000@callisto.yi.org> you write:

> So now I'm clueless, although I'm almost certain it's a use count
> problem. I'd be happy to hear from Rusty or someone on the netfilter
> mailing list about this.

If the reference counts were really out of sync, the timer would have
gone off, but the connections still hanging around. The timer is the
third value in `/proc/net/ip_conntrack', eg:

tcp 6 4 CLOSE_WAIT src=192.168.10.1 dst=212.242.40.206 sport=4047...

Here the number 4 means we have 4 seconds until the connection goes
`boom'. An entry with 0 there, which stays around longer than 1
second, is being held by something.

Good luck,
Rusty.
--
Hacking time.
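
Added example, not part of the original message or of netfilter: a Python check that applies the rule above to two snapshots of `/proc/net/ip_conntrack` and reports entries whose timer (third field) reads 0 in both. The sample snapshots, their addresses and the names `parse` and `held_entries` are constructed for illustration, and the check assumes a connection is identified by its protocol plus the first src/dst/port tuple on the line.

```python
import time

# Constructed snapshots (documentation addresses) in the layout quoted above:
# protocol name, protocol number, seconds left on the timer, then the tuple.
SNAP_T0 = """\
tcp 6 4 CLOSE_WAIT src=198.51.100.10 dst=192.0.2.1 sport=4047 dport=80
tcp 6 0 CLOSE_WAIT src=198.51.100.10 dst=192.0.2.7 sport=4050 dport=80
udp 17 0 src=198.51.100.10 dst=192.0.2.53 sport=1030 dport=53
"""
# Constructed second snapshot, taken 2 seconds later.
SNAP_T1 = """\
tcp 6 2 CLOSE_WAIT src=198.51.100.10 dst=192.0.2.1 sport=4047 dport=80
tcp 6 0 CLOSE_WAIT src=198.51.100.10 dst=192.0.2.7 sport=4050 dport=80
"""

def parse(snapshot):
    """Map (protocol, first tuple) to the remaining timer in seconds."""
    entries = {}
    for line in snapshot.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[2].isdigit():
            continue  # skip blank or malformed lines
        kv = [f for f in fields[3:] if "=" in f]  # drops state names and flags
        # Assumption: if a second src= appears, it starts another tuple; stop there.
        srcs = [i for i, f in enumerate(kv) if f.startswith("src=")]
        end = srcs[1] if len(srcs) > 1 else len(kv)
        entries[(fields[0], tuple(kv[:end]))] = int(fields[2])
    return entries

def held_entries(before, after, interval):
    """Entries with timer 0 in both snapshots, taken more than 1 second apart."""
    if interval <= 1:
        raise ValueError("snapshots must be more than 1 second apart")
    old, new = parse(before), parse(after)
    # Timer 0 and still listed after the interval: something holds the entry.
    return sorted(k for k, t in old.items() if t == 0 and new.get(k) == 0)

if __name__ == "__main__":
    path, gap = "/proc/net/ip_conntrack", 2
    with open(path) as f:
        first = f.read()
    time.sleep(gap)
    with open(path) as f:
        second = f.read()
    for proto, tup in held_entries(first, second, gap):
        print("held:", proto, *tup)
```

On the constructed snapshots only the 192.0.2.7 entry is reported: the first entry is still counting down, and the udp entry with timer 0 is gone from the second snapshot.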