Conntrack -- found a secret Timeout

Discussion in 'Tomato Firmware' started by Planiwa, Feb 14, 2012.

  1. Planiwa

    Planiwa LI Guru Member

    Apart from the timeouts that can be found in Tomato's GUI and in /proc/sys/net/netfilter/ , there appears to be at least one more kind:

    Code:
     17 3594 src=.103 dst=208.87.3.236 sp=5060 dp=5060 P=599 B=36500 src=208.87.3.236 dst=WANIP sp=5060 dp=5060 P=268 B=20499 [A] mark=1048842 use=1
    
    This seems to be some sort of SIP/VOIP/Nettalk device.

    The question is -- how did it get a timeout of 3600s? My udp timeouts are 5s and 10s:

    Code:
    N16:netfilter# head  *udp*
    ==> nf_conntrack_udp_timeout <==
    5
    
    ==> nf_conntrack_udp_timeout_stream <==
    10
    
    Could this be related to the items at the bottom of the advanced-ctnf.asp Page, in particular,
    Tracking/NAT helpers -- SIP ?
    If so, how, and what other nonstandard Timeouts are there?
     
  2. Badders44

    Badders44 LI Guru Member

    There is a thread around which describes this SIP Tracking/NAT Helper and shows how it overrides the UDP timeouts. I seem to remember it recommends disabling it for certain VOIP providers. I certainly needed to disable it to get Sipgate stable.
     
  3. Planiwa

    Planiwa LI Guru Member

    Thanks. Yes, it was Mango who mostly contributed to that thread.

    I noticed this because it was spit out by my reporting tool that calculates the idle-time of connections as: Timeout - TTL.

    This particular trick results in a connection with a huge negative idle time.
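
An added example (not part of the thread, and not Planiwa's reporting tool): a sketch of the "Timeout - TTL" idle-time calculation described above that flags UDP entries whose remaining lifetime exceeds the configured timeout instead of just reporting a negative idle time. It assumes the abbreviated line format quoted in the first post and that `[A]` marks an assured entry governed by `nf_conntrack_udp_timeout_stream`; the function names are hypothetical.

```python
# Generic UDP timeouts as shown in the thread's /proc/sys/net/netfilter output.
UDP_TIMEOUT = 5          # nf_conntrack_udp_timeout
UDP_TIMEOUT_STREAM = 10  # nf_conntrack_udp_timeout_stream

# First line is the entry quoted in the thread; the other two are constructed
# samples (documentation addresses) in the same abbreviated format.
SAMPLE = """\
17 3594 src=.103 dst=208.87.3.236 sp=5060 dp=5060 P=599 B=36500 src=208.87.3.236 dst=WANIP sp=5060 dp=5060 P=268 B=20499 [A] mark=1048842 use=1
17 7 src=.103 dst=192.0.2.53 sp=40000 dp=53 P=2 B=120 src=192.0.2.53 dst=WANIP sp=53 dp=40000 P=2 B=200 [A] mark=0 use=1
6 1200 src=.103 dst=192.0.2.80 sp=50000 dp=443 P=9 B=900 src=192.0.2.80 dst=WANIP sp=443 dp=50000 P=8 B=800 [A] mark=0 use=1
"""

def parse_entry(line):
    """Parse one line: protocol number, seconds remaining, then key=value pairs."""
    fields = line.split()
    original = {}
    for field in fields[2:]:
        if "=" in field:
            key, value = field.split("=", 1)
            original.setdefault(key, value)  # first occurrence = original direction
    return {
        "proto": int(fields[0]),
        "ttl": int(fields[1]),            # seconds until the entry expires
        "assured": "[A]" in fields,       # assumption: [A] means ASSURED
        "dst": original.get("dst"),
        "dport": original.get("dp"),
    }

def idle_report(text, udp=UDP_TIMEOUT, stream=UDP_TIMEOUT_STREAM):
    """Return UDP entries with idle = timeout - ttl; negative idle means override."""
    report = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry["proto"] != 17:          # only UDP is compared against UDP sysctls
            continue
        timeout = stream if entry["assured"] else udp
        entry["idle"] = timeout - entry["ttl"]
        # A TTL larger than the sysctl timeout was set by something else,
        # such as the SIP tracking/NAT helper discussed in the thread.
        entry["override"] = entry["idle"] < 0
        report.append(entry)
    return report

if __name__ == "__main__":
    for e in idle_report(SAMPLE):
        flag = "TIMEOUT OVERRIDDEN" if e["override"] else "ok"
        print(f'{e["dst"]}:{e["dport"]} ttl={e["ttl"]} idle={e["idle"]} {flag}')
```
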
     
