76572 – Lame netfilter connection tracking bug in 2.6.10

Bug 76572 - Lame netfilter connection tracking bug in 2.6.10

Summary: Lame netfilter connection tracking bug in 2.6.10

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Daniel Drake (RETIRED)

URL:	http://www.kernel.org/pub/linux/kerne...
Whiteboard:
Keywords:	Bug, InVCS

Depends on:
Blocks:

Reported:	2005-01-03 16:07 UTC by kfm
Modified:	2005-01-08 09:42 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description kfm 2005-01-03 16:07:36 UTC

Hi folks. I happened to be browsing the latest -mm patchlist and stumbled across
"fix-broken-rst-handling-in-ip_conntrack.patch" (see URL). The problem is that RST
packets are not duly acknowledged after ACK's. Thus, the connection tracking state
table can become saturated with stale connections that, by default, will not be 
removed for 5 days (!) where they should be expired much earlier. The author says
it's a pretty serious bug and I would tend to agree.

Is there any chance for this to be included in the g-d-s tree?

Comment 1 Daniel Drake (RETIRED) gentoo-dev

2005-01-08 09:42:39 UTC

thanks, in 2.6.10-r3