bugzilla-daemon@netfilter.org
2003-Feb-13 23:55 UTC
[Bug 49] New: TCP conntrack entries with huge timeouts
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=49

Summary: TCP conntrack entries with huge timeouts
Product: netfilter/iptables
Version: linux-2.4.x
Platform: i386
OS/Version: other
Status: NEW
Severity: major
Priority: P2
Component: connection tracking
AssignedTo: laforge@netfilter.org
ReportedBy: arvids@vendomar.lv
CC: netfilter-buglog@lists.netfilter.org

There are many TCP conntrack entries with huge timeouts. They are all in TCP state CLOSE or SYN_SENT and all have UNREPLIED status. Here are the top five such entries:

$ cat /proc/net/ip_conntrack | sort -rn +2 | head -n5
tcp 6 10612455 SYN_SENT src=24.151.31.7 dst=x.x.x.x sport=2440 dport=1641 [UNREPLIED] src=x.x.x.x dst=24.151.31.7 sport=1641 dport=2440 use=1
tcp 6 9989140 CLOSE src=172.184.195.106 dst=x.x.x.x sport=3355 dport=1598 [UNREPLIED] src=x.x.x.x dst=172.184.195.106 sport=1598 dport=3355 use=1
tcp 6 8854750 CLOSE src=80.193.224.8 dst=x.x.x.x sport=2742 dport=2866 [UNREPLIED] src=x.x.x.x dst=80.193.224.8 sport=2866 dport=2742 use=1
tcp 6 8530295 CLOSE src=24.49.40.115 dst=x.x.x.x sport=1051 dport=1351 [UNREPLIED] src=x.x.x.x dst=24.49.40.115 sport=1351 dport=1051 use=1
tcp 6 8441658 CLOSE src=x.x.x.x dst=67.81.93.46 sport=3253 dport=1060 [UNREPLIED] src=67.81.93.46 dst=x.x.x.x sport=1060 dport=3253 use=1

The box is doing SNAT. Loaded modules:

ipt_iplimit             1432   1
ip_nat_irc              2256   0 (unused)
ip_nat_ftp              2800   0 (unused)
ip_conntrack_irc        2992   1
ip_conntrack_ftp        3760   1
iptable_nat            15160   3 [ip_nat_irc ip_nat_ftp]
ip_tables              10872   4 [ipt_iplimit iptable_nat]
ip_conntrack           16576   4 [ipt_iplimit ip_nat_irc ip_nat_ftp ip_conntrack_irc ip_conntrack_ftp iptable_nat]

kernel 2.4.20, iptables-1.2.7a, patch-o-matic-20030107
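A way to pick such entries out of a full conntrack table automatically, as an added example that is not part of the original report or of netfilter's code. It parses /proc/net/ip_conntrack lines and flags TCP entries whose remaining timeout is above a ceiling; the 5-day ceiling and the names parse_line and find_stuck are assumptions of this example.

```python
from typing import NamedTuple, Optional

# Assumption: 5 days (the stock ESTABLISHED timeout) is the largest TCP
# conntrack timeout configured on the box; anything above it is stuck.
MAX_PLAUSIBLE_TIMEOUT = 5 * 24 * 3600

class Entry(NamedTuple):
    proto: str
    timeout: int      # seconds left before the entry expires
    state: str        # TCP state, empty for other protocols
    unreplied: bool
    orig: dict        # original-direction tuple (src, dst, sport, dport)

def parse_line(line: str) -> Optional[Entry]:
    """Parse one /proc/net/ip_conntrack line; return None if malformed."""
    fields = line.split()
    if len(fields) < 4 or not fields[2].isdigit():
        return None
    # TCP lines carry a state name in column 4; other protocols do not.
    state = fields[3] if "=" not in fields[3] and fields[3][0] != "[" else ""
    orig = {}
    for tok in fields[3:]:
        if tok.startswith("["):
            break                        # a flag ends the original tuple
        key, sep, value = tok.partition("=")
        if sep:
            orig.setdefault(key, value)  # keep the first (original) direction
    return Entry(fields[0], int(fields[2]), state, "[UNREPLIED]" in fields, orig)

def find_stuck(lines, ceiling=MAX_PLAUSIBLE_TIMEOUT):
    """Return TCP entries whose timeout exceeds ceiling, largest first."""
    entries = (parse_line(line) for line in lines)
    stuck = [e for e in entries if e and e.proto == "tcp" and e.timeout > ceiling]
    return sorted(stuck, key=lambda e: e.timeout, reverse=True)

# The first two lines are from the report above; the last two are constructed.
SAMPLE = [
    "tcp 6 9989140 CLOSE src=172.184.195.106 dst=x.x.x.x sport=3355 dport=1598 [UNREPLIED] src=x.x.x.x dst=172.184.195.106 sport=1598 dport=3355 use=1",
    "tcp 6 10612455 SYN_SENT src=24.151.31.7 dst=x.x.x.x sport=2440 dport=1641 [UNREPLIED] src=x.x.x.x dst=24.151.31.7 sport=1641 dport=2440 use=1",
    "tcp 6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40000 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=40000 [ASSURED] use=1",
    "udp 17 25 src=192.0.2.10 dst=198.51.100.53 sport=5353 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.10 sport=53 dport=5353 use=1",
]

if __name__ == "__main__":
    for e in find_stuck(SAMPLE):
        print(f"{e.timeout:>9}s ({e.timeout / 86400:.0f} days) {e.state:<9} "
              f"{e.orig.get('src')}:{e.orig.get('sport')} -> {e.orig.get('dst')}:{e.orig.get('dport')}")
```

On a live system, pass the lines of /proc/net/ip_conntrack to find_stuck instead of SAMPLE.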