[Quantal][SRU][PATCH] Fix for LP#1270237

Chris J Arges chris.j.arges at canonical.com
Fri Feb 7 21:54:49 UTC 2014


[Impact]
When running a server for an extended amount of time the conntrack table can fill up.
Here is the netfilter discussion: http://www.spinics.net/lists/netfilter-devel/msg26759.html

[Fix]
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6547a221871f139cc56328a38105d47c14874cbe

Present in 3.11 >

[Test Case]
From the patch:
When loose tracking is enabled (default), non-syn packets cause
creation of new conntracks in established state with default timeout for
established state (5 days). This causes the table to fill up with UNREPLIED
when the 'new ack' packet happened to be the last-ack of a previous,
already timed-out connection.


Florian Westphal (1):
  netfilter: nf_conntrack: avoid large timeout for mid-stream pickup

 net/netfilter/nf_conntrack_proto_tcp.c |    6 ++++++
 1 file changed, 6 insertions(+)

-- 
1.7.9.5
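
Added example, not part of the original message or of the upstream patch: a shell function that counts the conntrack entries the test case above describes (TCP, state ESTABLISHED, flagged [UNREPLIED]) and how many of them still carry a long remaining timeout. The function names, the 86400-second default threshold and the sample lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Summarise TCP conntrack entries that match the symptom described above:
# state ESTABLISHED, flagged [UNREPLIED], with a long remaining timeout.
# Reads /proc/net/nf_conntrack or `conntrack -L` style lines on stdin.
# Usage: conntrack_midstream_summary [min_timeout_seconds]
conntrack_midstream_summary() {
    awk -v min="${1:-86400}" '
    # min defaults to 86400 s (one day); that threshold is an assumption.
    {
        # Locate the "tcp 6" protocol pair. /proc output has two extra
        # leading fields (e.g. "ipv4 2") that conntrack -L omits.
        p = 0
        for (i = 1; i < NF; i++)
            if ($i == "tcp" && $(i + 1) == "6") { p = i; break }
        if (p == 0 || p + 3 > NF) next      # not TCP, or truncated line
        tcp++
        timeout = $(p + 2) + 0              # remaining lifetime in seconds
        state = $(p + 3)
        if (state != "ESTABLISHED" || index($0, "[UNREPLIED]") == 0) next
        unreplied++
        if (timeout >= min) longlived++
    }
    END {
        printf "tcp=%d established_unreplied=%d long_timeout=%d\n",
               tcp, unreplied, longlived
    }'
}

# Constructed sample lines (documentation addresses), not from a real host.
sample_conntrack() {
    cat <<'EOF'
ipv4     2 tcp      6 431990 ESTABLISHED src=203.0.113.7 dst=192.0.2.10 sport=40112 dport=443 [UNREPLIED] src=192.0.2.10 dst=203.0.113.7 sport=443 dport=40112 mark=0 use=2
ipv4     2 tcp      6 431000 ESTABLISHED src=203.0.113.8 dst=192.0.2.10 sport=40200 dport=443 src=192.0.2.10 dst=203.0.113.8 sport=443 dport=40200 [ASSURED] mark=0 use=2
tcp      6 120 ESTABLISHED src=203.0.113.9 dst=192.0.2.10 sport=40300 dport=80 [UNREPLIED] src=192.0.2.10 dst=203.0.113.9 sport=80 dport=40300 mark=0 use=1
tcp      6 110 SYN_SENT src=192.0.2.10 dst=198.51.100.4 sport=51000 dport=22 [UNREPLIED] src=198.51.100.4 dst=192.0.2.10 sport=22 dport=51000 mark=0 use=1
ipv4     2 udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=5353 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.10 sport=53 dport=5353 mark=0 use=2
tcp      6 400000 ESTABLISHED src=203.0.113.11 dst=192.0.2.10 sport=40400 dport=443 [UNREPLIED] src=192.0.2.10 dst=203.0.113.11 sport=443 dport=40400 mark=0 use=1
EOF
}

sample_conntrack | conntrack_midstream_summary
```

On a live host the same function can be fed with `conntrack_midstream_summary < /proc/net/nf_conntrack` and the result compared against `nf_conntrack_count` and `nf_conntrack_max` under `/proc/sys/net/netfilter/`.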




