On Sun, 2 Oct 2005, Jozsef Kadlecsik wrote:
But that relies on the assumption that the receiver side wants to close the session as well. If it enters the CLOSE_WAIT state instead, the connection will hang anyway in spite of letting through the FIN and assuming the LAST_ACK state.
Yes, but at that stage it is not a network problem, only a badly designed application that does not shut down when the other end closes the connection.
CLOSE_WAIT is waiting for the local application to close the local end of the connection.
However, how would conntrack lose an (established) connection? Or are we speaking of loading in conntrack "on the fly" when there are already established connections flowing through the firewall? That's doable but hairy and unreliable anyway due to the lost window scaling parameters.
Yes. Or more realistically reboot of the firewall/router or failover between two firewalls/routers not using ctsync.
Somehow I have got bad feelings on passing random RST segments.
And as I said it is of very little value.

Regards
Henrik