[tproxy] sockref leak problem

Balazs Scheidler bazsi at balabit.hu
Sun Jun 10 21:44:18 CEST 2007

On Sun, 2007-06-10 at 20:25 +0800, Daniel wrote:
> hi,
> Recently I tested tproxy with Avanlanche (about 800M/s stress) and some result below:
> 1. deadlock when ip_conntrack_ftp loaded. Plz see my last post and explaination from Balazs Scheidler.
> 2. I tested again without nat_reservation(deadlock disappeared). After 10 hours' stress test, kernel kept giving out exactly the same messages repeatedly:
> IP_TPROXY: socket already assigned, reuse=1, 0a0ba8c0:4c86, sr->faddr=e80ba8c0:0000, flags=10000, sr->tv_hashed=1181425010:475244912
> My questions:
>   Is this sockref leaked?
>   and, what is the situation when a sockref is leaked?

can you tell me your kernel/tproxy version?

The error message above means that the application tries to an address
that already is in the tproxy hash table (e.g. which was allocated
before). This should never happen, as this would indicate that
you have two sockets bound to the same local ip:port

The details of the already registered entry is included in the log

The conflicting local address is and you wanted to
assign with a random port (0 port).

Your flags has ITP_ONCE set, and nothing else, and the entry in the
table was registered at 1181425010.475 secs after the UNIX epoch.

A minor note:
* ITP_ONCE was removed from the latest versions of tproxy, you should
not use that (I don't think removing that would help in your case

Please give me the exact versions you are testing with.


More information about the tproxy mailing list