LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 05-13-2011, 06:14 PM   #1
Washington Ratso
LQ Newbie
 
Registered: Sep 2010
Posts: 26

Rep: Reputation: 0
Connection Destroy Time with Net Filter Connection Tracking


When I have video running and the video stops, I see that the connection is destroyed in about 5 seconds, which is what I want.

If, rather than stopping the video, I pull the plug, I have seen it take 350 and 380 seconds before the connection is destroyed.

Why is there such a large difference in the time to destroy a video connection between stopping the video and pulling the plug on it when using net filter connection tracking? How can I shorten the time for the connection to get destroyed when pulling the plug?
 
Old 05-14-2011, 11:18 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
Well there's a handshake to close the connection when it stops gracefully, but not if you pull the plug. ripping out conntrack entries after 5 seconds is pretty drastic, really wouldn't recommend that, maybe 30 seconds. You can shorten it using net.netfilter.nf_conntrack_tcp_timeout_established=30 in /etc/sysctl.conf (parameters can change - run "systcl -a | grep conntrack" for all conntrack parameters.
 
Old 05-15-2011, 02:58 PM   #3
Washington Ratso
LQ Newbie
 
Registered: Sep 2010
Posts: 26

Original Poster
Rep: Reputation: 0
Connection Destroy Time with Net Filter Connection Tracking

What is the reason to wait 30 seconds to rip out a conntrack entry? I am using my conntrack entries to create and remove traffic control priority queues to implement QoS. I have a finite number of priority queues I can have at any point in time. So, I want to destroy connections ASAP, because, if there is another high priority connection not assigned to a queue, I want it to be assigned to the queue sooner, rather than later.
 
Old 05-15-2011, 03:51 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
how many working connections are you expecting to go awol?? You'd be MUCH more concerned about time wait state connections as they will just routinely sit around for an arbitrary period after EVERY connection finishes, not just ones where some kids mum walked into his bedroom halfway through him doing something he shouldn't. Don't take actions like this for exceptions, configure for normal activity. In general a connection has the right to not transmit for 5 seconds, it's really not long. If you can't manage 30 seconds, then you have bigger problems to worry about, like a totally unwell network.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Help with connection tracking vishamr2000 Linux - Security 1 05-27-2005 10:37 AM
Time out in Connection established state if no Data flows on that connection asurya Linux - Networking 2 04-10-2005 04:54 PM
app for tracking net connection over time curmudgeon42 Linux - Software 1 02-07-2005 07:59 PM
SUSE9.2 I-net connection lost after short time - DSL behind a router... Zzorrkk Suse/Novell 8 02-01-2005 09:11 AM
idea: sharing net connection, method: iptables..., problem: broken net connection :( danny2055 Linux - Networking 4 06-09-2003 08:00 AM


All times are GMT -5. The time now is 03:16 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration