>> perhaps you're hitting this problem?:
>> http://marc.info/?l=netfilter-devel&m=129016166319433&w=2
>> It triggers when you receive a 2nd UDP packet with the same
>> address/port pair while the 1st packet is still queued.
>
> Fabien, to confirm that this is the problem, please use the following rule:
> iptables -A OUTPUT -t raw -p udp --dport 53 -j NFQUEUE --queue-num 666
> and retest. Let us know if that fixed it.

Yes, that fixed it, thank you for the information!

It's just a bit sad not being able to use conntracking; it avoided some packets going through userland once one had already been accepted on the same source IP/port.

Do you think it's not technically possible to fix that race condition in a proper way?

Fabien