On Sun, Nov 19, 2017 at 09:27:28PM +0100, Florian Westphal wrote: > When zero window is announced we can get into a situation where > connection stays around forever: > > 1. One side announces zero window. > 2. Other side closes. > > In this case, no FIN is sent (stuck in send queue). > > Unless other side opens the window up again conntrack > stays in ESTABLISHED state for a very long time. > > Lets alleviate this by lowering the timeout to RETRANS (5 minutes), > the other end should be sending zero window probes to keep the > connection established as long as a socket still exists. Applied, thanks! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
