Nelson Minar <[EMAIL PROTECTED]> wrote:
>
> I guess my question is, why do they timeout at all? Since you know
> when a TCP connection is closed (because the socket is explicitly shut
> down), why not just wait for that and then close the connection?
If one could assume well-behaved networks, there would be no need for
timeouts, ever. :)
> I guess I can just bump the timeout up to 24 hours or so.
I have mine set to two hours. Seems to be good.
> The only thing I can think of is that there might be some situation
> where the router never hears that the connection closed down. How can
> this happen?
Suppose you had a connection open, then someone turned off the machine?
Or the machine crashed and rebooted? There would be no TCP FIN packets
sent, because the state of the connection is lost completely.
> I guess it would happen if both ends simultaneously just dropped off
> the net, but what about if only one of them did?
It depends on whether the other side has data to send. If neither side
is sending, there are no packets going back and forth, so neither can
determine if the other is up or down. TCP keep-alives are supposed to
kick in after a while, but many kernels only instigate these after a
very long time, perhaps 30 minutes to two hours.
> The ipfwadm implies that IP-Masq watches for TCP FIN packets. Is
> there a circumstance where those never get sent?
Well, after I said all that, I offer some empirical evidence. I would
frequently log into my masq box and check the current connection list,
and find a large number of connections listed, but if one were to go
look at the box that claimed to hold the connection, it thought that the
connection was closed (i.e. didn't exist). So, the one side of the
link, and presumably the other side as well, thought the connection was
closed, but the masq box in the middle seemed to think it was still
open. A bug in Masq? I dunno. But, if there were no two-hour timeout,
I probably would have accumulated a large number of stale masq entries,
and after enough time, that would use up a lot of ports on the masq box.
I haven't observed this behavior with 2.1, though.
--
[EMAIL PROTECTED] (Fuzzy Fox) || "Her lips said 'No,' but her
sometimes known as David DeSimone || eyes said 'Read my lips!'"
http://www.dallas.net/~fox/ ||
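The failure mode described in the reply (a host that is powered off or crashes sends no FIN, so the masquerading box never learns the connection is gone, and without an idle timeout the stale entry holds a masq port forever) can be made concrete with a small model of a NAT connection table. This is an added example, not code from the post or from the Linux IP-Masq implementation: the `MasqTable` class, the port range, the addresses and the timing are all constructed for illustration, and the model drops an entry as soon as both sides' FINs are seen, whereas real implementations keep it for a short grace period.

```python
"""Toy model of a masquerading (NAT) box's connection table.

Constructed example: shows why FIN tracking alone is not enough and an idle
timeout is still needed to reclaim masq ports after a peer silently vanishes.
"""
from dataclasses import dataclass, field

FIN, RST = "FIN", "RST"
WEB = ("203.0.113.5", 80)   # constructed remote server address


@dataclass
class Entry:
    inside: tuple            # (inside_ip, inside_port) of the masqueraded host
    remote: tuple            # (remote_ip, remote_port) on the outside
    masq_port: int           # source port the masq box rewrote the flow to
    last_seen: float         # time of the last packet seen in either direction
    fins_seen: set = field(default_factory=set)   # {"out"}, {"in"} or both


class MasqTable:
    def __init__(self, ports, idle_timeout):
        self.free_ports = list(ports)       # pool of masq ports to hand out
        self.idle_timeout = idle_timeout    # seconds; None means "never expire"
        self.entries = {}                   # (inside, remote) -> Entry

    def observe(self, now, inside, remote, direction, flags=()):
        """Record one packet; direction is 'out' (inside->remote) or 'in'."""
        key = (inside, remote)
        entry = self.entries.get(key)
        if entry is None:
            if direction != "out":
                return None             # unsolicited inbound: no mapping, dropped
            if not self.free_ports:
                raise RuntimeError("masq port pool exhausted")
            entry = Entry(inside, remote, self.free_ports.pop(0), now)
            self.entries[key] = entry
        entry.last_seen = now
        if FIN in flags:
            entry.fins_seen.add(direction)
        # Both FINs (or an RST) mean a clean close: release the port at once.
        if RST in flags or entry.fins_seen == {"out", "in"}:
            self._release(key)
        return entry.masq_port

    def _release(self, key):
        entry = self.entries.pop(key)
        self.free_ports.append(entry.masq_port)

    def expire(self, now):
        """Sweep entries idle longer than the timeout; return how many went."""
        if self.idle_timeout is None:
            return 0
        stale = [k for k, e in self.entries.items()
                 if now - e.last_seen >= self.idle_timeout]
        for key in stale:
            self._release(key)
        return len(stale)


def scenario(idle_timeout, n_crashed=5):
    """Run a clean close plus n_crashed connections from a host that dies."""
    table = MasqTable(ports=range(61000, 61000 + n_crashed),
                      idle_timeout=idle_timeout)
    well_behaved = ("192.168.1.10", 40000)
    # 1. A well-behaved connection: data both ways, then FIN from each side.
    table.observe(0, well_behaved, WEB, "out")
    table.observe(1, well_behaved, WEB, "in")
    table.observe(2, well_behaved, WEB, "out", flags=(FIN,))
    table.observe(3, well_behaved, WEB, "in", flags=(FIN,))
    # 2. Connections from a host that is then powered off: no FIN ever arrives,
    #    so the masq box still believes every one of them is open.
    for i in range(n_crashed):
        table.observe(10 + i, ("192.168.1.20", 50000 + i), WEB, "out")
    # 3. Three hours of silence pass, then the table is swept.
    table.expire(10 + 3 * 3600)
    return table


def new_connection_possible(table, now):
    """Can a fresh inside host still get a masq port from this table?"""
    try:
        table.observe(now, ("192.168.1.30", 33000), WEB, "out")
        return True
    except RuntimeError:
        return False


if __name__ == "__main__":
    for timeout in (2 * 3600, None):
        t = scenario(timeout)
        print(f"idle_timeout={timeout}: {len(t.entries)} stale entries, "
              f"{len(t.free_ports)} free ports, "
              f"new connection ok: {new_connection_possible(t, 20000)}")
```

With the two-hour timeout the post recommends, the sweep reclaims all five ports left behind by the crashed host; with no timeout they stay allocated and the next inside host is refused a mapping, which is the port exhaustion the reply warns about. The same sweep is also what would clear the entries the author saw lingering after both endpoints already considered the connection closed.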