From b4ca67c68b8408f29144d78c75613715fab77741 Mon Sep 17 00:00:00 2001
From: Brendan O'Dea <bod@optus.net>
Date: Thu, 23 Feb 2006 01:07:23 +0000
Subject: [PATCH] decrease ip_conntrack_tcp_timeout_established to 5hrs

---
 Changes     | 3 ++-
 garden.c    | 5 +++--
 l2tpns.spec | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/Changes b/Changes
index 4d40386..75c50bf 100644
--- a/Changes
+++ b/Changes
@@ -1,4 +1,4 @@
-* Sat Feb 18 2006 Brendan O'Dea <bod@optus.net> 2.1.16
+* Thu Feb 23 2006 Brendan O'Dea <bod@optus.net> 2.1.16
 - Send configured magic-no in LCP EchoReq when LCP is opened.
 - Correct addition of single IP to pool (Jonathan Yarden).
 - Ensure session changes from LCP ConfigReq/ConfigNak are sent to cluster.
@@ -6,6 +6,7 @@
 - Avoid endless loop in processipcp, processipv6cp.
 - Additional length checks in processlcp.
 - Allow peer to request a new magic-number, or to disable magic-numbers.
+- Decrease ip_conntrack_tcp_timeout_established to 5hrs (table filling).
 
 * Mon Dec 19 2005 Brendan O'Dea <bod@optus.net> 2.1.15
 - Drop backtrace.
diff --git a/garden.c b/garden.c
index a023399..30439f1 100644
--- a/garden.c
+++ b/garden.c
@@ -9,7 +9,7 @@
 
 /* walled garden */
 
-char const *cvs_id = "$Id: garden.c,v 1.24 2005-10-11 09:04:53 bodea Exp $";
+char const *cvs_id = "$Id: garden.c,v 1.25 2006-02-23 01:07:23 bodea Exp $";
 
 int plugin_api_version = PLUGIN_API_VERSION;
 static struct pluginfuncs *f = 0;
@@ -23,7 +23,8 @@ char *up_commands[] = {
     "iptables -t nat -N garden_users >/dev/null 2>&1",		// Empty chain, users added/removed by garden_session
     "iptables -t nat -F garden_users",
     "iptables -t nat -A PREROUTING -j garden_users",		// DNAT any users on the garden_users chain
-    "sysctl -w net.ipv4.ip_conntrack_max=512000 >/dev/null",	// lots of entries
+    "sysctl -w net.ipv4.netfilter.ip_conntrack_max=512000"	// lots of entries
+    	     " net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=18000 >/dev/null", // 5hrs
     NULL,
 };
 
diff --git a/l2tpns.spec b/l2tpns.spec
index 9ddfa9d..ec4d17c 100644
--- a/l2tpns.spec
+++ b/l2tpns.spec
@@ -43,5 +43,5 @@ rm -rf %{buildroot}
 %attr(644,root,root) /usr/share/man/man[58]/*
 
 %changelog
-* Sat Feb 18 2006 Brendan O'Dea <bod@optus.net> 2.1.16-1
+* Thu Feb 23 2006 Brendan O'Dea <bod@optus.net> 2.1.16-1
 - 2.1.16 release, see /usr/share/doc/l2tpns-2.1.16/Changes
-- 
2.20.1