On 09/22/2008 10:03:53 AM, Jordi Espasa Clofent wrote:
Stuart Henderson escribió:
You may be recycling port numbers before the state fully expired.
If that's the case you can try reducing the tcp.closed timeout:
"keep state (tcp.closed XX)".
Wouldn't that be tcp.finwait for "normal" tcp connection closes?
FYI, I have seen Microsoft OSs reuse the source IP, source port,
destination IP, destination port quad before the 2MSL timeout
required by the TCP spec. The point being that you can see
repeats without rotating through all available port numbers
if the client is stupid. I seem to recall that poking
at the problem with a stick lead me to conclude that
Microsoft was using some small fixed time limit for
TCP_FINWAIT. Something like 3 or 5 seconds.
Karl <[EMAIL PROTECTED]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
