*** shocking ip_conntrack timeouts! ***

[Raj]

HI all!
I had written the following to the list and have not got any responses
yet...this problem is certainly keeping my ip_conntrack table erratic and
unusually large...remember there is a limit on the no. of conns it can
keep (8192,...) and this causes the table to reach the limit quite
prematurely...right!

Doesn't anyone else have the same problem OR have not noticed it yet?
Could you please verify the timeouts in the table vs. the defined
values?

Would appreciate any response...Thanks,
Raj

---------- Forwarded message ----------
Date: Tue, 1 Jan 2002 18:11:05 +0545 (NPT)
From: Raj <list@mail.com.np>
To: Netfilter Mailing List <netfilter@lists.samba.org>
Subject: strange ip_conntrack values!

HI,
I just noticed in my /proc/net/ip_conntrack file that the CLOSE timeouts
are shockingly high than the real value of 10 secs.

How could this be possible?

# cat ip_ct_tcp_timeout_close
1000

tcp      6 1797884 CLOSE src=202.52.X.X dst=202.52.X.X sport=1026
dport=1 10 src=202.52.X.X dst=202.52.X.X sport=110 dport=1026
[ASSURED] use=1

tcp      6 105137 CLOSE src=212.45.X.X dst=202.52.X.X sport=1121
dport=80 [UNREPLIED] src=202.52.X.X dst=212.45.X.X sport=80 dport=1121
use=1

Thanks,
Raj