[tproxy] tproxy bind failed - limit of TPROXY bind
elyasaf
elyasaf at icomsw.com
Wed May 6 13:41:38 CEST 2009
The tproxy bind is limited to only about 28219 sockets
I use TPROXY-4 (with the latest patch including latest udp patch too)
Linux version 2.6.28.9
This is a sample test case:

#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19
#endif

int main(void){
    int i,fd[100000],flag=1;
    struct sockaddr_in local_addr;

    bzero(&local_addr,sizeof(local_addr));
    local_addr.sin_family = AF_INET;
    local_addr.sin_addr.s_addr=0xd0000000;
    for(i=0;i<100000;i++){
        if((fd[i]=socket(AF_INET,SOCK_STREAM,0))<0){
            printf("creating socket %d failed\n",i);
            exit(1);
        }
        /* mark the socket transparent so it may bind to a non-local
           address (needs CAP_NET_ADMIN) */
        if(setsockopt(fd[i],SOL_IP,IP_TRANSPARENT,&flag,sizeof(int))<0){
            printf("set transparent to the %d socket (fd=%d) failed\n",i,fd[i]);
            exit(1);
        }
        /* port 0: let the kernel pick the local port */
        local_addr.sin_port=0;
        if(bind(fd[i],(struct sockaddr *)&local_addr,sizeof(local_addr))<0){
            perror("bind - error");
            printf("bind for the %d socket (fd=%d) failed\nipport - %s:%d\n",
                   i,fd[i],inet_ntoa(local_addr.sin_addr),ntohs(local_addr.sin_port));
            exit(1);
        }
        /* use a different address for the next socket */
        local_addr.sin_addr.s_addr++;
    }
    return 0;
}

The result:
bind - error: Address already in use
bind for the 28223 socket (fd=28226) failed
ipport - 63.110.0.208:0
Why is the limit this low? Can I configure something to bypass it? If not, is
there a chance to fix this bug?