[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: another conntrack table query
From:       Nimit Gupta <nimit () deeproot ! co ! in>
Date:       2003-01-31 14:47:26
[Download RAW message or body]

hello,
	one more thing on what basis the time for UNREPLIED entries gets
reset? is there a link where such things are explained in detail?


thanks for your help.

with regards,
nimit.

On Fri, 31 Jan 2003, Athan wrote:

> On Fri, Jan 31, 2003 at 04:10:23PM +0530, Nimit Gupta wrote:
> > hello,
> > 	can somebody point me to a link or answer why does the conntrack table
> > keeps the entry for connections marked as TIME_WAIT, and if it is not so
> > useful how can i remove them as soon as the connection finishes.
>
>   My guess would be because it is still waiting for the remote end to
> fully close the connection.  This means there's the possibility of
> further packets getting sent to that local ip:port.  If you delete the
> entry and the port gets reused you'll possibly have two remote ip:port's
> both trying to send traffic to the same local ip:port and causing
> erroneous RSTs of the connection.
>
>   Or something like that.
>
> -Ath



[prev in list] [next in list] [prev in thread] [next in thread]