ip_ct_tcp_timeout_established 500 days ??
sshore@escape.ca
sshore@escape.ca
Thu, 21 Mar 2002 23:56:33 -0600
--4bRzO86E/ozDv8r1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Mar 21, 2002 at 08:27:10PM -0800, alex wrote:
> I checked
>=20
> ip_ct_tcp_timeout_established
>=20
> in /proc/sys/net/ipv4/netfilter/ expecting to find a value of 432000 which
> would translate to 5 days.
> To my surprise I found this value: 43200000 which would be 500 days.
The number is probably in jiffies rather than seconds. On an x86 machine,=
=20
there's 100 jiffies a second, so to get seconds divide by 100. This gives t=
he=20
expected value of five days.
Unless the stale conntracks are causing problems, you probably don't need t=
o=20
change it. Eight hours sounds reasonable though, if you're not expecting to=
=20
have any long-lived tcp sessions.
--=20
Scottie Shore <sshore@escape.ca>
"Experience is that marvelous thing that enables you to recognize=20
a mistake when you make it again." -- F. P. Jones
--4bRzO86E/ozDv8r1
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8mseQDEv+3WCgcv0RAtpTAKCRn/dkb3J+BWAhXffyCeqZ9BH3CwCeONXE
ov+D1H8eg1myjh46VwdDZMM=
=2JEf
-----END PGP SIGNATURE-----
--4bRzO86E/ozDv8r1--