On Mon, 6 May 2013, Vladimir Ondrus wrote: > We have a setup with many tcp connections, which are after short time > activelly closed from remote site. However we have our nf_conntrack > table full with connections in TIME_WAIT state. Output from netstat > shows no connection in TIME_WAIT state, which we think is correct, > because we are passive close site, so connection should not go through > TIME_WAIT state. > > Why tcp connection in conntrack table goes through TIME_WAIT, even we > are pasive close site in tcp? Conntrack reflects the state of the communicating party which sent the last packet, processed by conntrack. In this case it's in the TIME_WAIT state. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
