Commit fbcd253d authored Nov 19, 2017 by Florian Westphal Committed by Pablo Neira Ayuso Nov 20, 2017

netfilter: conntrack: lower timeout to RETRANS seconds if window is 0



When zero window is announced we can get into a situation where
connection stays around forever:

1. One side announces zero window.
2. Other side closes.

In this case, no FIN is sent (stuck in send queue).

Unless other side opens the window up again conntrack
stays in ESTABLISHED state for a very long time.

Lets alleviate this by lowering the timeout to RETRANS (5 minutes),
the other end should be sending zero window probes to keep the
connection established as long as a socket still exists.

Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent ec8a8f3c

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit adc31fae
· Oct 07, 2019

mentioned in commit adc31fae

mentioned in commit adc31faeb35004d1c6b51bc61345f5801feb1b56

Toggle commit list

Please register or to comment