Krzysztof Oledzki wrote:
This patch kills long living ftp transfers from one of my hosts. I'm not
able to transfer large files if it takes more than
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged seconds.
After logging to the remote host and issuing any FTP command (ls or
put/get for example) tuple's timeout is reduced. Additional commands are
able to bump it but only upto
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged.
It seems that IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED flag is never cleard.
Tested on 2.6.28.10.
Interesting, are you using the FTP NAT helper?
I'm guessing there is some bad interaction between sequence number
adjustments when changing the packet sizes and sequence number
tracking in conntrack.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
