Broadening the scope of the negative connection cache

Sam Liddicott sam at
Thu May 15 05:45:11 GMT 2008

I think the timeout should relate to the amount of time that will be wasted to time out again and the exponential decay of how much time has (recently) been wasted.

Iptables connrate match has a good formula.


-----Original Message-----
From: Gerald (Jerry) Carter <jerry at>
Sent: 14 May 2008 18:46
To: Marc VanHeyningen <marc.vanheyningen at>
Cc: samba-technical at
Subject: Re: Broadening the scope of the negative connection cache

Marc VanHeyningen wrote:
> Gerald (Jerry) Carter sed:
>>> The obvious solution would be to migrate the negative 
>>> connection cache to be stored in a different way, probably
>>> as a TDB file.  This would allow every child process to share
>>> the failure information.
>> I believe the easiest way to achieve this is simply to
>> use the gencache API and set a 60 second TTL on entries.
> Sounds good, but a 60 second TTL seems too short to me.  Attempting 
> to find a host and having it fail to respond can take a significant 
> fraction of 60 seconds in some (admittedly unusual) cases.
> Probably the best system is an adaptive one, which increases the 
> TTL of the negative entry the longer the target remains inaccessible,
> but that's more complexity than this situation really warrants.

Anything to reduce timeouts is fine.  Let's just make one
change at a time.  Moving to gencache here is the first step.


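The adaptive TTL discussed in this thread, as an added C sketch that is not part of the original messages and is not Samba code: each failed connect adds the seconds it wasted to a per-server score that halves at a fixed interval, and the negative-entry TTL is a clamped multiple of that score. The in-memory table, every function name and every constant are assumptions; it uses neither the gencache API nor the iptables connrate formula.

```c
#include <string.h>
#include <time.h>
/* All names and constants are assumptions for this sketch. */
#define NEG_MIN_TTL     60  /* floor: the 60 s TTL proposed in the thread */
#define NEG_MAX_TTL   3600  /* ceiling, so a dead host is still retried */
#define NEG_HALF_LIFE  300  /* wasted-time score halves every 300 s */
#define NEG_FACTOR       4  /* TTL = 4 x recently wasted seconds */
#define NEG_SLOTS       16

struct neg_entry {
    char   server[64];
    long   wasted;     /* decayed sum of seconds lost to failed connects */
    time_t last_fail;  /* time of the most recent recorded failure */
    time_t expires;    /* skip connection attempts until this time */
};
static struct neg_entry neg_table[NEG_SLOTS];  /* zero-initialised */

static struct neg_entry *neg_find(const char *server, int create)
{
    struct neg_entry *spare = NULL;
    for (int i = 0; i < NEG_SLOTS; i++) {
        if (neg_table[i].server[0] == '\0') { if (!spare) spare = &neg_table[i]; }
        else if (strcmp(neg_table[i].server, server) == 0) return &neg_table[i];
    }
    if (!create || !spare) return NULL;
    strncpy(spare->server, server, sizeof(spare->server) - 1);
    return spare;
}

/* Record a failed connect that took `cost` seconds; returns the TTL set. */
long neg_record_failure(const char *server, long cost, time_t now)
{
    struct neg_entry *e = neg_find(server, 1);
    if (!e) return NEG_MIN_TTL;              /* table full: nothing cached */
    long age = (long)(now - e->last_fail);
    long halvings = age > 0 ? age / NEG_HALF_LIFE : 0;
    e->wasted = (halvings > 30 ? 0 : e->wasted >> halvings) + cost;
    long ttl = e->wasted * NEG_FACTOR;
    if (ttl < NEG_MIN_TTL) ttl = NEG_MIN_TTL;
    if (ttl > NEG_MAX_TTL) ttl = NEG_MAX_TTL;
    e->last_fail = now; e->expires = now + ttl;
    return ttl;
}

/* 1 if the server is negatively cached at `now`, else 0. */
int neg_is_blocked(const char *server, time_t now)
{
    struct neg_entry *e = neg_find(server, 0);
    return e != NULL && now < e->expires;
}
```

With these constants, repeated 30-second failures push the TTL from the 60-second floor to 160, 280 and 400 seconds, and a quiet period of four half-lives brings it back near the floor.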