Re: TCP connection tracking timeout

[List address fixed - I assume netfilter-devel@xxxxxxxxxxxxxxxx doesn't exist :)]

Herbert Xu wrote:
> Hi:
>
> I've recently started keeping an eye on the number of connections
> in my router's conntrack table.  It was sad to see so many TCP
> connections that have died long ago still lingering in it.  We all
> know that wandering ghosts are bad :)
>
> Here's my proposal to lay them to rest once and for all.  The
> obvious solution is to reduce the timeout.  However, that runs
> afoul of idle connections.  So the key is how do we tell an
> idle connection apart from a dead one.
>
> Actually it isn't too hard.  The most common reason for a connection
> to die without sending FIN/RST is a retransmission timeout.  For
> example in Linux we can enter FIN_WAIT_1 without even transmitting
> the actual FIN because of outstanding data before it.  So if we
> tracked whether each connection has unacknowledged data then we
> will be able to easily distinguish them.  In other words, we can
> drastically lower the timeout on a connection with data outstanding.
>
> The only trouble now is to find a sucker^H^H^H^H^H^Hvolunteer
> to implement this :)


That sounds like a pretty neat idea. I'm testing a patch now, I'll
send it over in a few minutes if it survives :)

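An added example, not from this thread or from the netfilter conntrack code, modelling the heuristic Herbert describes: for each direction record the highest sequence position sent and the highest ack the peer has returned for it, and select a much shorter timeout whenever either side still has unacknowledged data (including the FIN_WAIT_1-with-data-ahead-of-the-FIN case). The timeout values, the `tcp_track` structure and its functions are constructed for illustration; segments are fed with the sequence space they consume (payload bytes plus one for SYN and one for FIN).

```c
#include <stdbool.h>
#include <stdint.h>

/* Sample timeouts, constructed for this example (not netfilter's defaults). */
#define IDLE_TIMEOUT_SECS    (5 * 24 * 3600) /* nothing outstanding: keep the long timeout */
#define UNACKED_TIMEOUT_SECS 300             /* data outstanding: sender may be stuck in RTO */

enum dir { ORIG = 0, REPLY = 1 };

struct tcp_track {
    uint32_t snd_end[2];  /* highest sequence-space position sent in each direction */
    uint32_t acked[2];    /* highest ack number the peer has returned for that direction */
    bool seen[2];         /* snd_end[d] has been initialised */
    bool seen_ack[2];     /* acked[d] has been initialised */
};

/* Wrap-safe "a is after b" comparison for 32-bit sequence numbers. */
static bool seq_after(uint32_t a, uint32_t b) { return (int32_t)(a - b) > 0; }

/* Feed one segment seen in direction d. space = payload + 1 for SYN + 1 for FIN. */
void tcp_track_observe(struct tcp_track *t, enum dir d, uint32_t seq, uint32_t space,
                       bool has_ack, uint32_t ack)
{
    enum dir peer = (d == ORIG) ? REPLY : ORIG;
    uint32_t end = seq + space;
    if (!t->seen[d] || seq_after(end, t->snd_end[d])) {
        t->snd_end[d] = end;
        t->seen[d] = true;
    }
    if (has_ack && (!t->seen_ack[peer] || seq_after(ack, t->acked[peer]))) {
        t->acked[peer] = ack;  /* an ack carried by d acknowledges the peer's data */
        t->seen_ack[peer] = true;
    }
}

/* True if direction d has sent data (or SYN/FIN) the peer has not acknowledged. */
bool tcp_track_has_unacked(const struct tcp_track *t, enum dir d)
{
    if (!t->seen[d]) return false;
    return !t->seen_ack[d] || seq_after(t->snd_end[d], t->acked[d]);
}

/* The proposal: drastically lower the timeout while either side has data outstanding. */
unsigned tcp_track_timeout(const struct tcp_track *t)
{
    bool stalled = tcp_track_has_unacked(t, ORIG) || tcp_track_has_unacked(t, REPLY);
    return stalled ? UNACKED_TIMEOUT_SECS : IDLE_TIMEOUT_SECS;
}
```

A pure ACK (space 0) never advances `snd_end`, so an idle but alive connection keeps the long timeout, while a sender whose data or FIN goes unanswered drops to the short one.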
