Hello list,

I just carried out a couple of tests to see how conntrack changes the state of a TCP stream

----------- test 1 -------------------------------------------------
1. (A) ---->SYN----->(B) FW state = SYN_SEND
2. (A) <---SYN+ACK-- (B) FW state = SYN_RECV
3. (A) -----ACK----->(B) FW state = ESTABLISHED (ASSURED)
4. (A) --->FIN+ACK-->(B) FW state = FIN_WAIT
5. (B) <-----ACK---- (B) FW state = TIME_WAIT (times out after 2 mins)

----------- test 2 -------------------------------------------------
1. (A) ---->SYN----->(B) FW state = SYN_SEND
2. (A) <---SYN+ACK-- (B) FW state = SYN_RECV
3. (A) -----ACK----->(B) FW state = ESTABLISHED (ASSURED)
4. (A) <---FIN+ACK-- (B) FW state = CLOSE_WAIT
5. (B) -----ACK----> (B) FW state = TIME_WAIT (times out after 2 mins)

Now step (4) of test 1 leads to FIN_WAIT state, but step (4) of test 2 leads to CLOSE_WAIT. The only difference between the two is the direction of packet flow.

So the question - is this the expected behaviour? If yes, what is the purpose?

dhiraj