On Thu, 31 Jul 2008, Patrick McHardy wrote:
netfilter: nf_conntrack_tcp: decrease timeouts while data in unacknowledged In order to time out dead connections quicker, keep track of outstanding data and cap the timeout. Suggested by Herbert Xu. Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
<CUT>This patch kills long living ftp transfers from one of my hosts. I'm not able to transfer large files if it takes more than net.netfilter.nf_conntrack_tcp_timeout_unacknowledged seconds.
After logging to the remote host and issuing any FTP command (ls or put/get for example) tuple's timeout is reduced. Additional commands are able to bump it but only upto net.netfilter.nf_conntrack_tcp_timeout_unacknowledged.
It seems that IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED flag is never cleard. Tested on 2.6.28.10. Attaching raw tcpdump from the session. Best regards, Krzysztof Olędzki
Attachment:
ae375044d31075a31de5a839e07ded7f67b660aa-bugreport1
Description: Binary data
