Hi, 2005-02-03, cs keltezéssel 00.00-kor Siming Li ezt írta:
Due to lots of system code depending on kernel 2.4.20, so it's not easy for me to try the latest vresion right away.
From the view of tproxy source code, what's the extra effort when using foreign-connect? (more conntrack or NAT lookup?) It may give me so hints about this problem.
Theoretically it's one extra hash lookup per connection (tproxy has its own hashtable). However, older versions of tproxy scanned the whole conntrack table on connection teardown, so it may be perfectly possible that this is the culprit in your case. The version you're using is really, really old, newer versions have fixed lots of bugs. This is why I suggested trying 1.2.1 instead of trying to fix that old version - probably you don't need that many changes to backport the 1.2.1 version. (A release for 2.4.22 is available.) -- Regards, Krisztian Kovacs