Markus Kohler(deleted)
Network connection state table timeouts: Packet Filter (pf) vs kernel (netstat)
05/28/2013 8:58 AM
post101746
Dear folks,
we're trying to allow TCP port re-usage on a Modbus server device in a simple point-to-point local network with static
IPv4 addresses set. The server side is an embedded PPC device running QNX Neutrino 6.4.1.
We also have the Packet Filter (pf) enabled in order to prevent network attacks, and already configured the pf-internal
connection state timeouts appropriately, so that the client could re-connect over the same port after 60s if the
connection broke down “by force” (i.e. is still in state ESTABLISHED but with the Ethernet connection being
temporarily removed).
However, this does not work as expected (at least not with pf enabled), since the kernel apparently holds the connection
in state ESTABLISHED even after the timeout configured in pf.
Hence, I have two questions regarding this matter:
1. Is there a way to modify the connection state timeouts set in the kernel (i.e. those to which netstat refers)?
2. If not, what else could I do to enable TCP port re-usage after 60s (apart from disabling pf)?
Many thanks in advance!
Regards,
Markus