[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: [NETVAERK] Fjerne ESTABLISHED sessions



Jesper Lund wrote:
On Thu, 28 Apr 2005 10:32:17 +0200
Mogens Valentin <sslug@sslug> wrote:

Jesper Lund wrote:

cat /proc/net/ip_conntrack |grep "129.142.136." |wc -l  giver 8
conns  med gennemsnitlig TTL på 100:50:xx - men den TTL havde de

Du kan forøge maks størrelsen på tabellen, hvis det er et problem, ved
at "echo 16384 > /proc/sys/net/ipv4/ip_conntrack_max" eller en anden
størrelse.

I know, men det nu ikke ligefrem størrelsen der er et problem; den er iøvrigt default 65536 i 2.6.10 .
Det er kombinationen af at browseren holder sessioner åbne, selvom linket er fjernet, og så den lange TTL for ESTABLISHED.


Ahh, fandt det:
Der var fornylig en tråd her om et relateret emne: NAT timeout...
(03/17/05)

Fra /usr/src/linux/net/ipv4/netfilter/ip_conntrack_proto_tcp.c :

static unsigned long tcp_timeouts[]
= { 30 MINS,    /*      TCP_CONNTRACK_NONE,     */
   5 DAYS,     /*      TCP_CONNTRACK_ESTABLISHED,      */
   2 MINS,     /*      TCP_CONNTRACK_SYN_SENT, */
   60 SECS,    /*      TCP_CONNTRACK_SYN_RECV, */
   2 MINS,     /*      TCP_CONNTRACK_FIN_WAIT, */
   2 MINS,     /*      TCP_CONNTRACK_TIME_WAIT,        */
   10 SECS,    /*      TCP_CONNTRACK_CLOSE,    */
   60 SECS,    /*      TCP_CONNTRACK_CLOSE_WAIT,       */
   30 SECS,    /*      TCP_CONNTRACK_LAST_ACK, */
   2 MINS,     /*      TCP_CONNTRACK_LISTEN,   */
};

Altså 5 days; underlig lang tid, som ikke kan ændres i /proc .
At leve med stadset, eller ændre og rekompilere kernen.
- jeg holder oftest min browser åben 24/7 fordi jeg følger med på en lang række techsites :p


--
Kind regards,
Mogens Valentin



Medicin har de mest åndssvage navne, så her er min egen:

Retardon - for dig, der ønsker at geare ned
Retardon - hvis du virkelig vil stå af..
  -- Mogens Valentin



 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 22:43 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *