1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Regarding the button "Drop Idle"

Discussion in 'Tomato Firmware' started by Kiwi8, Jan 19, 2008.

  1. Kiwi8

    Kiwi8 LI Guru Member

    As u all may know there is this "Drop Idle" button that is on the Advanced -> Conntrack page. May I ask which of the following categories does it drop to satisfy the idle criteria?

    SYN Sent
    SYN Received
    FIN Wait
    Time Wait
    Close Wait
    Last ACK

  2. der_Kief

    der_Kief Super Moderator Staff Member Member


    i think if you want a reliable answer you have to contact Jon :wink:

  3. kzrssk

    kzrssk LI Guru Member

    I always assumed that it dropped any connection that wasn't actively transferring data at that exact moment, which sounded rather destructive, connection-wise, so I never bothered to use it. I just set my Established timeout much lower, to 900.
  4. mstombs

    mstombs Network Guru Member

    Tick "count connections" and try it ... big effect on "Time Wait" for me.
  5. Planiwa

    Planiwa LI Guru Member

    I just noticed this thread and I see that no one has answered it here.

    The button reduces the Time-to-live time of all connections to 15 seconds, with the result that any connection that does not become active in the next 15 seconds will expire.

    This is rather reckless, especially if done repeatedly.

    It is far better to monitor connections with good tools, and to reduce Timeouts such as all UDP and Time-Wait down to 20 or even 10 seconds.

    The connections that crash routers are not long-lasting connections but surges of thousands of instant UDP connections. "Early Expiring" an estableshed TCP connection may create zombie and orphaned processess on the router, which will take up free space and may themselves crash the router.

Share This Page