Hi Jim, 2004-12-20, h keltezéssel 11:48-kor jim@minter.demon.co.uk ezt írta:
hidden@balabit.hu wrote:
OK, thanks, I've downloaded the tarball. BTW, the syslog is indeed not very useful, since it is horribly incomplete...
Sorry :o(. I'm currently recompiling the kernel with a larger log buffer and will rerun the tests and post an updated tarball.
I'm afraid it won't help much, but let's see.
Could you try what happens if you omit the ITP_ONCE flag from the FLAGS setsockopt(), and set only ITP_CONNECT?
OK, in this case we don't get any un-NATted packets at the remote host, but sooner or later one of the processes gets stuck in a connect() call and never returns: presumably every time it attempts to issue a SYN packet, this packet gets lost somewhere? Maybe with proper logging it will be clearer what's going on here.
OK, thanks. So, in the meantime I reproduced the problem (and tested without ITP_ONCE as well). Seems interesting, since I get a lot of "failed to apply NAT mapping" errors... -- Regards, Krisztian KOVACS