On Wed 09/04/2003 at 15:00, dhiraj.2.bhuyan@xxxxxx wrote:
> As far as I understand, an "ACK" packet can also start a "NEW" connection.
> If the connection remains idle for long, the Netfilter's connection tracking
> engine times out that connection and removes its entry from the state
> table. Now when an "ACK" packet comes back after some time, the connection
> tracking engine marks this as a "NEW" connection. However, I am not sure how
> the state changes to "ESTABLISHED".

Timers for Netfilter's conntrack should be the same as TCP stacks'. So, if
conntrack times out, then the destination TCP stack should time out too. That
means if an ACK gets so delayed that the related conntrack entry gets dropped,
then it would also be dropped by the destination TCP stack.

-- 
Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx>
IT systems and networks security - Cartel Sécurité
Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE