Chris Mi <cmi@xxxxxxxxxx> wrote: > > nf_tcp_handle_invalid() here resolves the problem as well? > > Intent would be to reduce timeout but keep connecton state > > as-is. > > > > I don't think we should force customers to tweak sysctls to > > make expiry work as intended. > > It doesn't work. The if statement is not executed because the condition > is not met. > > [Mon Sep 23 18:41:59 2024] nf_tcp_handle_invalid: 756, last_dir: 0, dir: 0, > last_index: 3 How about relaxing nf_tcp_handle_invalid() to no longer check dir and last_index? It already makes sure that timeout can only be reduced by such invalid fin/rst. I.e. also get rid of else clause and extra indent level. > Even if the if statement is executed, the timeout is still not changed. Hmm, why not? Can you elaborate? Is the timeout already below 2 minutes? If so, what is the exact expectation? Could you propose a patch? As I said, I dislike tying this to sysctls.
