[tproxy] tproxy bind failed - limit of TPROXY bind

Balazs Scheidler bazsi at balabit.hu
Fri May 8 16:37:10 CEST 2009


On Fri, 2009-05-08 at 10:59 +0200, KOVACS Krisztian wrote:
> Hi,
> 
> On cs, máj 07, 2009 at 07:16:44 +0300, elyasaf wrote:
> > You are right, its seems like linux bug
> > I see a patch that fixes it to free bsd, I cant find one to linux too
> > This limit the traffic to only 400mbits for each machine, it is a pity...
> 
> Can you post the output of netstat -antp taken when the problem occurs
> (but the fds are still open)?
> 

the problem is that autobinding in the linux kernel does not take the IP
address into account, thus if a given port is used on _any_ of the IP
addresses, it's not going to be used if you call bind() with port=0.

The only solution I came up with was to find the first available port
from userspace. And/or possibly forwardport this patch:

http://www.ioremap.net/node/104

-- 
Bazsi



More information about the tproxy mailing list