|
On Fri, Dec 02, 2005 at 11:43:46AM +0200, Julian Anastasov wrote:
>
> Hello,
>
> On Thu, 1 Dec 2005, Horms wrote:
>
> > I finally got around to preparing the backport and patch for Dave,
> > and in the course of doing this I realises that as long as
> > ip_vs_conn_expire() doesn't reeset the timer, the problem goes away.
> > This is because the problem is not how long the persistance entry
> > stays around, but rather that it changes from the user-configured
> > value.
>
> I think that code such as:
>
> if (cp->flags & IP_VS_CONN_F_TEMPLATE)
> cp->timeout = 10*HZ;
>
> better serves the idea not to extend the persistence with
> the user-defined period, say, with another 30mins. But i'm not sure
> which is the better variant. Your last patch is valid for the case
> that extends the persistence with user-defined value on any activity,
> even to cover the FIN WAIT period. So, without the above code and
> without any sysctl vars, for me, your patch looks more valid even
> if some people with short persistence timeout and big FIN_WAIT
> periods are not happy. It means that we give another 30mins to
> the SSL client to create other connections in same session, not
> 10 or 60 seconds.
Yes, I'm concerned that giving 10 or 60 seconds would be the wrong
thing to do. Are you sure that there is no way to invalidate the
template at this point, that way we could give it a very short time out,
and not worry that would affect any future connection handling.
--
Horms
|
