search for: is_confirm

...ading to 2.4.20, found that conntrack table overflows after a week or so. Quick examination showed large number of entries in SYN_SENT state with super long timeouts exist. The offending change was in include/linux/list.h. list_del() now zeros prev and next pointer of list_head, which circumvents is_confirmed() test. This didn't cause troubles to most conntrack entries which disappear by timing out. But as our cache was bypassing some of the connections, the machine was seeing only one way stream of packets (!IPS_SEEN_REPLY). And when the originating host terminates a bypassed connection by se...

...Have we seen traffic both ways yet? (bitset) */ - volatile unsigned long status; + unsigned long status; =20 /* Timer function; drops refcnt when it goes off. */ struct timer_list timeout; @@ -254,7 +259,7 @@ /* It's confirmed if it is, or has been in the hash table. */ static inline int is_confirmed(struct ip_conntrack *ct) { - return ct->tuplehash[IP_CT_DIR_ORIGINAL].list.next !=3D NULL; + return test_bit(IPS_CONFIRMED_BIT, &ct->status); } =20 extern unsigned int ip_conntrack_htable_size; diff -urN --exclude-from=3Ddiff.exclude linux-2.4.20-base/net/ipv4/netfilte= r/ip_conntrac...