Hi, We have a setup with many tcp connections, which are after short time activelly closed from remote site. However we have our nf_conntrack table full with connections in TIME_WAIT state. Output from netstat shows no connection in TIME_WAIT state, which we think is correct, because we are passive close site, so connection should not go through TIME_WAIT state. Why tcp connection in conntrack table goes through TIME_WAIT, even we are pasive close site in tcp? Regards, Vladimir Ondrus suf-ins:~ # uname -a Linux suf-ins 3.0.58-0.6.6-default #1 SMP Tue Feb 19 11:07:00 UTC 2013 (1576ecd) x86_64 x86_64 x86_64 GNU/Linux suf-ins:~ # lsmod | grep conntrack nf_conntrack_ipv4 14856 4 iptable_nat,nf_nat nf_conntrack 91963 4 xt_state,iptable_nat,nf_nat, nf_conntrack_ipv4 nf_defrag_ipv4 12729 1 nf_conntrack_ipv4 suf-ins:~ # modinfo nf_conntrack filename: /lib/modules/3.0.58-0.6.6-default/kernel/net/netfilter/nf_conntrack.ko license: GPL srcversion: BAAB16A923443DCF4CD66A3 depends: supported: yes vermagic: 3.0.58-0.6.6-default SMP mod_unload modversions parm: tstamp:Enable connection tracking flow timestamping. (bool) parm: acct:Enable connection tracking flow accounting. (bool) parm: expect_hashsize:uint suf-ins:~ # -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
