[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: conntrackd questions
From:       Pablo Neira Ayuso <pablo () netfilter ! org>
Date:       2013-02-25 15:45:32
Message-ID: 20130225154532.GD20561 () localhost
[Download RAW message or body]

On Fri, Feb 22, 2013 at 11:12:55AM +0100, Marco wrote:
[...]
> > In your previous config, assuming you use a 3.x kernel, I saw you did
> > not enabled TCPWindowTracking On. That allows the new primary to
> > recover TCP window tracking from the middle.
> 
> Unfortunately, the system where this will run has a 2.6.32 kernel, so
> this is not an option for the moment.

I really recommend you to upgrade to some stable branch of 3.x. Many
relevant updates and fixes went into the ctnetlink code since that
version you're using.

[...]
> Well, the docs mention window tracking here and there, but (at least
> to me) it's not clear what that does, and that it's (or could be) the
> solution to this problem I'm seeing.
> Furthermore, I found no documentation or explanation of
> nf_conntrack_tcp_be_liberal on google, neither it is in the sysctl.txt
> file that documents the /proc/sys/net entries, nor anywhere else.

http://git.kernel.org/?p=linux/kernel/git/davem/net-next.git;a=blob;f=Documentation/ne \
tworking/nf_conntrack-sysctl.txt;h=70da5086153dbd24a9c9258e73cc16440d247519;hb=HEAD

Regards.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[prev in list] [next in list] [prev in thread] [next in thread]