[tproxy] TIME_WAIT / LAST_ACK Problem
KOVACS Krisztian
hidden at balabit.hu
Tue Nov 15 10:11:04 CET 2011
Hi,
On Mon 14 Nov 2011 12:57:45 PM CET, Simon James wrote:
> The problem seems to arise when the server initiates the close of the
> connection.
> In that case, the trace output shows:
>
> 1. the FIN from the server passing through the mangle:OUTPUT,
> filter:OUTPUT and filter:POSTROUTING tables
> 2. a FIN/ACK from the client arriving and passing through
> mangle:PREROUTING, mangle:INPUT and filter:INPUT tables
> 3. a final ACK from the server passing through the mangle:OUTPUT
> tables but getting no further.
This might be related to a problem we've fixed about a month ago in the
upstream kernel:
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=58af19e387d8821927e49be3f467da5e6a0aa8fd
The fix made it into Linux 3.1. Can you somehow give it a try?
(Backporting to your F14 kernel should be fairly trivial, since it's a
one-line change in tcp_minisocks.c.)
--
KOVACS Krisztian
More information about the tproxy
mailing list