decrease ip_conntrack_tcp_timeout_established to 5hrs

Changes

@@ -1,4 +1,4 @@
-* Sat Feb 18 2006 Brendan O'Dea <bod@optus.net> 2.1.16
+* Thu Feb 23 2006 Brendan O'Dea <bod@optus.net> 2.1.16
 - Send configured magic-no in LCP EchoReq when LCP is opened.
 - Correct addition of single IP to pool (Jonathan Yarden).
 - Ensure session changes from LCP ConfigReq/ConfigNak are sent to cluster.
@@ -6,6 +6,7 @@
 - Avoid endless loop in processipcp, processipv6cp.
 - Additional length checks in processlcp.
 - Allow peer to request a new magic-number, or to disable magic-numbers.
+- Decrease ip_conntrack_tcp_timeout_established to 5hrs (table filling).
 
 * Mon Dec 19 2005 Brendan O'Dea <bod@optus.net> 2.1.15
 - Drop backtrace.

garden.c

@@ -9,7 +9,7 @@
 
 /* walled garden */
 
-char const *cvs_id = "$Id: garden.c,v 1.24 2005-10-11 09:04:53 bodea Exp $";
+char const *cvs_id = "$Id: garden.c,v 1.25 2006-02-23 01:07:23 bodea Exp $";
 
 int plugin_api_version = PLUGIN_API_VERSION;
 static struct pluginfuncs *f = 0;
@@ -23,7 +23,8 @@ char *up_commands[] = {
     "iptables -t nat -N garden_users >/dev/null 2>&1",		// Empty chain, users added/removed by garden_session
     "iptables -t nat -F garden_users",
     "iptables -t nat -A PREROUTING -j garden_users",		// DNAT any users on the garden_users chain
-    "sysctl -w net.ipv4.ip_conntrack_max=512000 >/dev/null",	// lots of entries
+    "sysctl -w net.ipv4.netfilter.ip_conntrack_max=512000"	// lots of entries
+    	     " net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=18000 >/dev/null", // 5hrs
     NULL,
 };
 

l2tpns.spec

@@ -43,5 +43,5 @@ rm -rf %{buildroot}
 %attr(644,root,root) /usr/share/man/man[58]/*
 
 %changelog
-* Sat Feb 18 2006 Brendan O'Dea <bod@optus.net> 2.1.16-1
+* Thu Feb 23 2006 Brendan O'Dea <bod@optus.net> 2.1.16-1
 - 2.1.16 release, see /usr/share/doc/l2tpns-2.1.16/Changes