Re: ctnetlink kernel dump while running multiple libnfct clients

On 28/03/11 18:01, Sam Roberts wrote:
> On Mon, Mar 28, 2011 at 5:47 AM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>> On 25/03/11 01:21, Sam Roberts wrote:
>>>
>>> Screenshot attached.
>>>
>>> At the time I had 3 connections to nfnetlink open
>>> - a userspace connection tracker
>>
>> What protocol are you tracking from user-space?
> 
> A dummy protocol for purposes of developing this prototype, I call it
> "echo port broker".
> 
> It listens on port 9999 for control connections. An echo port is
> requested by the client, and server opens an ephemeral listen port and
> returns the number. The client then reconnects to that ephemeral port,
> which acts as an echo server.
> 
>> AFAICS, the only way to hit this problem is to have some connection tracking
>> helper in the kernel which overlaps your user-space helper, i.e. someone is
>> attaching a kernel helper to your conntrack.
> 
> That's quite surprising, I've no firewall rules attaching anything
> else to port 9999. See a dump of my rule setup at end of mail. Note it
> assumes localhost client connects to localhost server.

Please, send me the code so I can reproduce the problem here.