linux-kernel.vger.kernel.org archive mirror
From: Harald Welte <laforge@gnumonks.org>
To: linux-kernel@vger.kernel.org
Subject: Re: ip_conntrack & timing out of connections
Date: Sun, 11 Nov 2001 23:38:12 +0100
Message-ID: <20011111233812.M875@naboo.gnumonks.org>
In-Reply-To: <20011106121947.A678@schmorp.de>
In-Reply-To: <20011106121947.A678@schmorp.de>; from pcg@goof.com on Tue, Nov 06, 2001 at 12:19:47PM +0100

On Tue, Nov 06, 2001 at 12:19:47PM +0100, Marc A. Lehmann wrote:

> however, after some time, I get many of these messages:
> 
> Nov  6 02:39:55 doom kernel: ip_conntrack: table full, dropping packet. 
> 
> /proc/net/ip_conntrack has lots of connections like these:
> 
> tcp      6 430665 ESTABLISHED src=213.76.191.129 dst=217.227.148.85 sport=3881 dport=80 src=217.227.148.85 dst=213.76.191.129 sport=80 dport=3881 [ASSURED] use=1
> 
> that is, connections to port 80. a grep dport=80 in ip_conntrack gives me
> 3768 lines, where netstat -t only shows 159 connections, so it seems that
> conntrack has a problem with time-outs (or something similar).

Connection tracking keeps all TCP conntrack entries for 120 seconds after
completion of FIN <-> FIN closedown.  This is the TIME_WAIT state of the
TCP protocol.

Maybe the Linux TCP stack doesn't wait for 120 seconds, or some other
condition in the TCP stack makes the sockets disappear from the netstat -t
list.

-- 
Live long and prosper
- Harald Welte / laforge@gnumonks.org               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- 
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)
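
The comparison discussed above (conntrack entries versus `netstat -t`) is easier to reason about when the table is broken down by state and remaining timeout rather than counted with a single grep. The following is an added example, not code from the thread or from netfilter: a small parser for the `/proc/net/ip_conntrack` line layout quoted above, run over constructed sample lines; the function names and the one-hour threshold are assumptions.

```python
from collections import Counter

# Constructed sample in the /proc/net/ip_conntrack layout quoted above
# (documentation addresses, not taken from the thread).
SAMPLE = """\
tcp      6 430665 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=3881 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=3881 [ASSURED] use=1
tcp      6 431999 ESTABLISHED src=192.0.2.11 dst=198.51.100.5 sport=4000 dport=80 src=198.51.100.5 dst=192.0.2.11 sport=80 dport=4000 [ASSURED] use=1
tcp      6 87 TIME_WAIT src=192.0.2.12 dst=198.51.100.5 sport=4001 dport=80 src=198.51.100.5 dst=192.0.2.12 sport=80 dport=4001 [ASSURED] use=1
tcp      6 55 TIME_WAIT src=192.0.2.13 dst=198.51.100.5 sport=4002 dport=22 src=198.51.100.5 dst=192.0.2.13 sport=22 dport=4002 [ASSURED] use=1
udp      17 12 src=192.0.2.14 dst=198.51.100.53 sport=1025 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.14 sport=53 dport=1025 use=1
"""

def parse_entry(line):
    """Parse one conntrack line; return None for lines that do not fit the layout."""
    fields = line.split()
    if len(fields) < 4 or not (fields[1].isdigit() and fields[2].isdigit()):
        return None
    entry = {"proto": fields[0], "timeout": int(fields[2]), "state": None,
             "flags": [], "orig": {}, "reply": {}}
    rest = fields[3:]
    # TCP entries carry a state name before the first key=value pair; UDP does not.
    if "=" not in rest[0] and not rest[0].startswith("["):
        entry["state"] = rest.pop(0)
    current = entry["orig"]
    for tok in rest:
        if tok.startswith("["):
            entry["flags"].append(tok.strip("[]"))
        elif "=" in tok and not tok.startswith("use="):
            key, value = tok.split("=", 1)
            if key == "src" and "src" in current:
                current = entry["reply"]  # second src= starts the reply tuple
            current[key] = value
    return entry

def summarize(text, dport=None, long_timeout=3600):
    """Count entries per (proto, state); collect those with a long remaining timeout."""
    by_state, long_lived = Counter(), []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None or (dport is not None
                             and entry["orig"].get("dport") != str(dport)):
            continue
        by_state[(entry["proto"], entry["state"] or "-")] += 1
        if entry["timeout"] > long_timeout:  # seconds left before expiry
            long_lived.append(entry)
    return by_state, long_lived

if __name__ == "__main__":
    print(summarize(SAMPLE, dport=80)[0])
```

On a live system the same functions can be fed the contents of `/proc/net/ip_conntrack` in place of `SAMPLE`.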
