Re: deleting a conntrack record


 



On Thursday 17 June 2004 4:07 pm, Tobias DiPasquale wrote:

> Hello all,
>
> I have a module that exports a /proc entry which takes a string with 4
> args in it (src IP/port and dst IP/port) and then attempts to delete
> the conntrack entry for the TCP connection associated with those
> arguments.
>
> The problem is as follows:
>
> There is a userspace script that runs from cron every 5 minutes. It
> looks through the /proc/net/ip_conntrack listing to see if any
> connections are "stale" (i.e. haven't seen a packet from them in
> some amount of time). It then feeds their connection information
> into my module's /proc entry so that those conntrack records can
> be destroyed.

Why not just use the built-in timeouts to delete stale entries from the 
conntrack table?

You can adjust the timeout settings using entries in 
/proc/sys/net/ipv4/netfilter and I believe there may be a p-o-m update to 
give even further fine-grained control.

Regards,

Antony.

-- 
I own three Windows books, published by O'Reilly.   They are "Windows 
Annoyances", "Office 97 Annoyances" and "Windows 98 Annoyances".   That 
pretty much sums it up for me.

                                                     Please reply to the list;
                                                           please don't CC me.
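
An added example, not part of the original thread: the third field of each /proc/net/ip_conntrack line is the time left before the kernel expires the entry, so an ESTABLISHED entry's idle time is the configured timeout minus that value, and lowering the timeout to the staleness threshold lets the kernel remove the same entries the cron script hunts for. The sysctl file name `ip_conntrack_tcp_timeout_established`, the 432000-second default and the sample lines are assumptions; the sample is constructed.

```python
# Constructed sample in /proc/net/ip_conntrack format (not captured from a real host).
# Field 3 is the number of seconds left before the kernel expires the entry itself.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40001 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=40001 [ASSURED] use=1
tcp      6 428000 ESTABLISHED src=192.0.2.11 dst=198.51.100.5 sport=40002 dport=22 src=198.51.100.5 dst=192.0.2.11 sport=22 dport=40002 [ASSURED] use=1
tcp      6 57 TIME_WAIT src=192.0.2.12 dst=198.51.100.5 sport=40003 dport=80 src=198.51.100.5 dst=192.0.2.12 sport=80 dport=40003 [ASSURED] use=1
udp      17 12 src=192.0.2.13 dst=198.51.100.9 sport=5353 dport=53 [UNREPLIED] src=198.51.100.9 dst=192.0.2.13 sport=53 dport=5353 use=1
"""

# Assumed sysctl file under the directory named in the reply.
SYSCTL = "/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established"
DEFAULT_ESTABLISHED = 432000  # assumed kernel default (5 days)

def read_established_timeout(path=SYSCTL):
    """Read the configured timeout; fall back to the default if unreadable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return DEFAULT_ESTABLISHED

def parse_tcp_entry(line):
    """Return (remaining, state, (src, sport, dst, dport)) or None if not a TCP entry."""
    f = line.split()
    if len(f) < 8 or f[0] != "tcp" or not f[2].isdigit():
        return None
    kv = {}
    for tok in f[4:]:
        key, sep, val = tok.partition("=")
        if sep and key not in kv:  # first occurrence is the original direction
            kv[key] = val
    try:
        return int(f[2]), f[3], (kv["src"], int(kv["sport"]), kv["dst"], int(kv["dport"]))
    except (KeyError, ValueError):
        return None

def stale_established(listing, timeout, max_idle):
    """List ESTABLISHED entries idle for at least max_idle seconds."""
    stale = []
    for line in listing.splitlines():
        entry = parse_tcp_entry(line)
        if entry and entry[1] == "ESTABLISHED":
            idle = timeout - entry[0]  # timer is reset to `timeout` on every packet
            if idle >= max_idle:
                stale.append((entry[2], idle))
    return stale

if __name__ == "__main__":
    for conn, idle in stale_established(SAMPLE, read_established_timeout(), 3600):
        print(conn, "idle for", idle, "s")
```

The idle figure is only meaningful if the timeout has not been changed since the entry's timer was last refreshed.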


