[tproxy] EADDRNOTAVAIL from connect, but only sometimes
Balazs Scheidler
bazsi at balabit.hu
Thu Apr 15 10:13:07 CEST 2010
On Sun, 2010-01-10 at 19:46 -0500, Ron Parker wrote:
> Hi,
>
> We are using the tproxy patch for Linux 2.6.24 (Ubuntu 8.0.4). When
> placing outgoing connections, we use the original socket address
> (4-tuple) in the bind and set SO_REUSEADDR on the socket. The
> sequence we are having difficulty with is:
>
> - Client connects to transparent proxy
> - Transparent proxy connects to remote server
> - Normal data transfer…
> - Remote server closes the connection (but client connection is
>   maintained)
> - Transparent proxy attempts to connect again to remote server
>   using the original 4-tuple (again)
>   - Bind succeeds
>   - Connect fails with EADDRNOTAVAIL
>
> The original socket is probably in TIME_WAIT at this point. I
> thought the SO_REUSEADDR would take care of the problem. What am I
> missing here?
>
Well, SO_REUSEADDR behaviour is not changed, so if you get EADDRNOTAVAIL
it either means that IP_TRANSPARENT is not enabled, or there's a
conflicting socket still in the socket table.
Are you using exact port numbers when you bind? It might help to
automatically allocate that.
--
Bazsi
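
Added example, not code from this thread or from the tproxy project: a bind-before-connect helper for Linux and a loopback demo of the "bind succeeds, connect fails with EADDRNOTAVAIL" symptom when a socket with the same 4-tuple is still in the socket table. Assumptions: `connect_from` and `demo_conflict` are names chosen here, and loopback addresses stand in for the client and server addresses so the demo runs without CAP_NET_ADMIN (a real transparent proxy would pass `transparent=1` and the client's address).

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19 /* value from linux/in.h */
#endif

/* Connect to *dst from the explicit source *src; returns the fd or -errno.
 * transparent=1 sets IP_TRANSPARENT so bind() accepts a non-local source. */
int connect_from(const struct sockaddr_in *src, const struct sockaddr_in *dst,
                 int transparent)
{
    int one = 1, err, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one) < 0 ||
        (transparent &&
         setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof one) < 0) ||
        bind(fd, (const struct sockaddr *)src, sizeof *src) < 0 ||
        connect(fd, (const struct sockaddr *)dst, sizeof *dst) < 0) {
        err = errno;
        close(fd);
        return -err;
    }
    return fd;
}

/* Constructed loopback demo: connect once, then reuse the exact 4-tuple while
 * the first socket is still open. Returns the second connect_from() result. */
int demo_conflict(void)
{
    struct sockaddr_in srv = { .sin_family = AF_INET }, cli;
    socklen_t len = sizeof srv;
    int lfd = socket(AF_INET, SOCK_STREAM, 0), first, second;
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks */
    bind(lfd, (struct sockaddr *)&srv, sizeof srv);
    listen(lfd, 4);
    getsockname(lfd, (struct sockaddr *)&srv, &len);
    cli = srv; cli.sin_port = 0;                  /* first source port: any */
    second = first = connect_from(&cli, &srv, 0);
    if (first >= 0) {
        getsockname(first, (struct sockaddr *)&cli, &len); /* exact port */
        second = connect_from(&cli, &srv, 0);              /* same 4-tuple */
        if (second >= 0) close(second);
        close(first);
    }
    close(lfd);
    return second;
}
```

Because both sockets set SO_REUSEADDR, the second bind() is accepted and the conflict only surfaces at connect() time.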