Re: ip_conntrack & timing out of connections

Trever L. Adams (vichu@digitalme.com)
07 Nov 2001 14:41:36 -0500


On Wed, 2001-11-07 at 13:55, kuznet@ms2.inr.ac.ru wrote:
> > > From: pcg@goof.com
> ...
> > > linux-2.4.13-ac5 (other versions untested) has this peculiar behaviour: If I
> > > "killall -STOP thttpd", I, of course, still get connection requests which
> > > usually time out:
> > >
> > > tcp 238 0 217.227.148.85:80 213.76.191.129:3120 CLOSE_WAIT
>
> Blatant lie. Such connections cannot timeout. If they do, kernel really
> have fatal bug.
>

Then the kernel (iptables or what not) has a huge fatal bug. I have
seen this happen as well. The firewall then catches all of these 'ACK
FIN' etc. This is getting more rare for me and usually takes a moderate
to heavy load (for link capacity) before it starts happening, but it
does happen.

Trever

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/