search for: ip_conntrack_proto_tcp

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=49 ------- Additional Comments From laforge@netfilter.org 2003-02-14 08:39 ------- what patches from patch-o-matic do you use? Do you know how to reproduce this behaviour? ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

...eck it... In the end the patch didn't apply in its whole and I didn't discover it, because the build system just went on. Here is the error: patching file include/linux/netfilter_ipv4/ip_conntrack.h patching file net/ipv4/netfilter/ip_conntrack_core.c patching file net/ipv4/netfilter/ip_conntrack_proto_tcp.c Hunk #1 FAILED at 192. 1 out of 1 hunk FAILED -- saving rejects to file net/ipv4/netfilter/ip_conntrack_proto_tcp.c.rej patching file net/ipv4/netfilter/ip_conntrack_proto_udp.c patching file net/ipv4/netfilter/ip_conntrack_standalone.c I used the patch from https://bugzilla.netfilter.or...

...max. since the table is now after ~70 minutes down to 6995 entries, i wonder if i can flush this table manually. the entries in there look like tcp 6 155674 ESTABLISHED src=x.x.x.x dst=y.y.y.y sport=1234 dport=5678 src=y.y.y.y dst=x.x.x.x sport=5678 dport=1234 [ASSURED] use=1 and if i get ip_conntrack_proto_tcp.c right, the default timeout for ESTABLISHED is 5 days. but i dont want to wait that long :( Patrick _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

...us & IPS_EXPECTED) { + } else if (test_bit(IPS_EXPECTED_BIT, &h->ctrack->status)) { DEBUGP("ip_conntrack_in: related packet for %p\n", h->ctrack); *ctinfo =3D IP_CT_RELATED; diff -urN --exclude-from=3Ddiff.exclude linux-2.4.20-base/net/ipv4/netfilte= r/ip_conntrack_proto_tcp.c linux-2.4.20-del/net/ipv4/netfilter/ip_conntrack= _proto_tcp.c --- linux-2.4.20-base/net/ipv4/netfilter/ip_conntrack_proto_tcp.c Tue Feb 1= 8 17:07:26 2003 +++ linux-2.4.20-del/net/ipv4/netfilter/ip_conntrack_proto_tcp.c Fri Feb 21= 17:03:35 2003 @@ -192,7 +192,7 @@ have an established conn...

...nt32_t last_ack; /* Last sequence number seen in opposite dir */ u_int32_t last_end; /* Last seq + len */ + u_int16_t last_win; /* Last window advertisement seen in dir */ }; #endif /* __KERNEL__ */ --- /usr/src/linux-2.6.17.13/net/ipv4/netfilter/ip_conntrack_proto_tcp.c.orig 2006-09-09 13:23:25.000000000 +1000 +++ /usr/src/linux-2.6.17.13/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2006-09-15 11:16:07.000000000 +1000 @@ -732,12 +732,14 @@ if (state->last_dir == dir && state->last_seq == s...

hi all, have anyone tried changing the tcp setting in the source files ? for eg decreasing the TCP_KEEPALIVE_TIME from 2 hours to say 10 min --> (120*60*HZ) to (10*60*HZ) in include/net/tcp.h ?? changing the parameters in static unsigned long tcp_timeouts[] in net/ipv4/netfilter/ip_conntrack_proto_tcp.c from 5 DAYS to 4 HOURS or from 30 MIN to 10 MIN or both ??? will that change tcp keep alive or packets in conntrack in any way ??.. sorry for being too basic but am trying to think how it can help better my iptables/iproute firewal/bandwidth on my pc ! thankiing in advance A.H

...ake[2]: Se elimina la dependencia circular /usr/src/linux-2.4.19/include/linux/netfilter_ipv4/ip_conntrack_helper.h <- /usr/src/linux-2.4.19/include/linux/netfilter_ipv4/ip_conntrack.h. ld -m elf_i386 -r -o ip_conntrack.o ip_conntrack_standalone.o ip_conntrack_core.o ip_conntrack_proto_generic.o ip_conntrack_proto_tcp.o ip_conntrack_proto_udp.o ip_conntrack_proto_icmp.o ld -m elf_i386 -r -o iptable_nat.o ip_nat_standalone.o ip_nat_rule.o ip_nat_core.o ip_nat_helper.o ip_nat_proto_unknown.o ip_nat_proto_tcp.o ip_nat_proto_udp.o ip_nat_proto_icmp.o gcc -D__KERNEL__ -I/usr/src/linux-2.4.19/include -Wall -Wstrict-pr...

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=40 ------- Additional Comments From pmccurdy@net-itech.com 2004-08-04 06:06 ------- We have managed to replicate this bug in-house. It seems to happen to us when we have a machine acting as a NAT router that we saturate with outgoing UDP packets; we use hping2 to generate them from a workstation connected via 100 Mbit

Hi all, i need advice how can i limit ip_conntrack per IP. clients of network that i support often uses torrent , DC++ , eMule clients and i have lost packages because they open too many ports. i have traffic control limits but this obviously isn''t enough Any advance how to prevent server from this kind problems will be welcome. Best regards Emil