On 9/24/2024 12:51 AM, Florian Westphal wrote:
Chris Mi <cmi@xxxxxxxxxx> wrote:
nf_tcp_handle_invalid() here resolves the problem as well?
Intent would be to reduce timeout but keep connecton state
as-is.
I don't think we should force customers to tweak sysctls to
make expiry work as intended.
It doesn't work. The if statement is not executed because the condition
is not met.
[Mon Sep 23 18:41:59 2024] nf_tcp_handle_invalid: 756, last_dir: 0, dir: 0,
last_index: 3
How about relaxing nf_tcp_handle_invalid() to no longer check dir and
last_index?
Yes, I did that. I removed the check. The timeout value is 1 day.
I remember it should be 5 days. Not sure what changed.
It already makes sure that timeout can only be reduced by such invalid
fin/rst.
I.e. also get rid of else clause and extra indent level.
Even if the if statement is executed, the timeout is still not changed.
Hmm, why not? Can you elaborate? Is the timeout already below 2 minutes?
As I mentioned above, the timeout is 1 day.
If so, what is the exact expectation?
Could you propose a patch? As I said, I dislike tying this to sysctls.
Sure. I will add more debug log to understand the function
nf_tcp_handle_invalid() and propose a patch.
