Re: [PATCH nf] netfilter: conntrack: reset tcp maxwin on re-register

Doug Smythies <dsmythies@xxxxxxxxx> wrote:
> On 2018.08.22 11:26 Doug Smythies wrote:
> > On 2018.08.21 02:26 Florian Westphal wrote:
> >
> > ... [snip] ...
> >
> >> Fix this by clearing maxwin of existing tcp connections on register.
> >> While at it, lower timeout of existing entries when disabling to allow
> >> gc to reap entries more quickly.
> >>
> >> Reported-by: Doug Smythies <dsmythies@xxxxxxxxx>
> >> Fixes: 4d3a57f23dec59 ("netfilter: conntrack: do not enable connection tracking unless needed")
> >> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> >> ---
> >> net/netfilter/nf_conntrack_proto.c | 61 ++++++++++++++++++++++++++++++++++++--
> >> 1 file changed, 59 insertions(+), 2 deletions(-)
> >
> > ... [snip] ...
> >
> > I was not able to apply this patch on top of kernel 4.18, as it 
> > seems to be on top of other patches since then.
> >
> > I was able to apply it on top of the mainline kernel as of sometime
> > yesterday (head was at ad1d697)(somewhere between 4.18 and 4.19-rc1).
> >
> > I verified that as of ad1d697 the issue was still present and then
> > tested ad1d697 + this patch and the issue is fixed.
> >
> 
> I spoke too soon. Now I have issues with any other SSH sessions
> dropping out if I don't use them within one minute of an iptables rule
> set flush and re-load.

True.  I should probably just rip out the lowering of the timer.

V2 coming soon.


