[Bug 49] TCP conntrack entries with huge timeouts
bugzilla-daemon@netfilter.org
bugzilla-daemon@netfilter.org
Fri, 14 Feb 2003 10:45:37 +0100
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=49
------- Additional Comments From arvids@vendomar.lv 2003-02-14 10:45 -------
I have applied the following patches:
pending/01_ip_conntrack_proto_tcp-lockfix
pending/02_newnat-udp-helper
pending/04_ftp-conntrack-msg-fix
base/iplimit
base/time
And I have made the following changes to the TCP timeouts:
--- /usr/src/linux/net/ipv4/netfilter/ip_conntrack_proto_tcp.c.orig
2003-01-15 13:43:37.000000000 +0200
+++ /usr/src/linux/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2003-01-15
14:48:44.000000000 +0200
@@ -53,13 +53,13 @@
static unsigned long tcp_timeouts[]
= { 30 MINS, /* TCP_CONNTRACK_NONE, */
- 5 DAYS, /* TCP_CONNTRACK_ESTABLISHED, */
- 2 MINS, /* TCP_CONNTRACK_SYN_SENT, */
- 60 SECS, /* TCP_CONNTRACK_SYN_RECV, */
- 2 MINS, /* TCP_CONNTRACK_FIN_WAIT, */
- 2 MINS, /* TCP_CONNTRACK_TIME_WAIT, */
+ 60 MINS, /* TCP_CONNTRACK_ESTABLISHED, */
+ 60 SECS, /* TCP_CONNTRACK_SYN_SENT, */
+ 30 SECS, /* TCP_CONNTRACK_SYN_RECV, */
+ 60 SECS, /* TCP_CONNTRACK_FIN_WAIT, */
+ 60 SECS, /* TCP_CONNTRACK_TIME_WAIT, */
10 SECS, /* TCP_CONNTRACK_CLOSE, */
- 60 SECS, /* TCP_CONNTRACK_CLOSE_WAIT, */
+ 10 SECS, /* TCP_CONNTRACK_CLOSE_WAIT, */
30 SECS, /* TCP_CONNTRACK_LAST_ACK, */
2 MINS, /* TCP_CONNTRACK_LISTEN, */
};
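Review bot: The TCP_CONNTRACK_ESTABLISHED entry drops from 5 DAYS to 60 MINS with no comment giving the reason, so a live TCP session that stays idle for more than an hour will have its conntrack entry expire while both endpoints still consider the connection open. If that trade-off is intended, record it in a comment beside the value. The same applies to TCP_CONNTRACK_CLOSE_WAIT going from 60 SECS to 10 SECS and TCP_CONNTRACK_TIME_WAIT going from 2 MINS to 60 SECS. Because this is a local edit to tcp_timeouts[] on top of the listed patches, the report should also say whether the huge timeouts appear with the stock table, so these changes can be ruled in or out as a factor.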