On Sun, Sep 15, 2013 at 12:52 AM, Eliezer Croitoru wrote:
> I have found the problem and I will rephrase the problem description:
> While using tproxy the main issue is that the ports of the source IP is
NOPE. As I said before, it's NOT related to TPROXY code at all. Same
problem exists, even whe
On Sat, Sep 14, 2013 at 11:59 PM, Eliezer Croitoru wrote:
> OK so let's make this experience that you already have as a public
> resource..
here it is: a simple php script that demonstrates the issue:
https://gist.github.com/ngorchilov/6570413#file-s-php
> This way more then just you will have
On 09/14/2013 10:13 PM, Nikolai Gorchilov wrote:
> On Sat, Sep 14, 2013 at 9:36 PM, Eliezer Croitoru
> wrote:
>> Hey,
>>
>> it can be tested in a matter of minutes.
>> If we have some test candidate I will write a small tproxy script to
>> verify the suspect.
>
> The pseudo code I have provided
OK so let's make this experience that you already have as a public
resource..
This way more then just you will have the option to look at it and
understand the real and the main issue.
on what OS again this test was done?
I will compare couple of them to make sure what kernel are we talking
about
On Sat, Sep 14, 2013 at 9:36 PM, Eliezer Croitoru wrote:
> Hey,
>
> it can be tested in a matter of minutes.
> If we have some test candidate I will write a small tproxy script to
> verify the suspect.
The pseudo code I have provided is based on my real-world experiment.
I did the test myself, be
Hey,
it can be tested in a matter of minutes.
If we have some test candidate I will write a small tproxy script to
verify the suspect.
Eliezer
On 09/14/2013 07:39 PM, Nikolai Gorchilov wrote:
> Hi, Eliezer,
>
> On Tue, Sep 10, 2013 at 1:49 AM, Eliezer Croitoru
> wrote:
>> Hey Nickolai,
>>
>>
On Tue, Sep 10, 2013 at 11:51 PM, Alex Rousskov
wrote:
> Hi Niki,
>
> We have seen similar problems with high-performance Web Polygraph
> tests and added an option for Polygraph clients to explicitly manage
> client port assignment instead of relying on kernel's ephemeral ports
> algorithm. Po
Hi, Eliezer,
On Tue, Sep 10, 2013 at 1:49 AM, Eliezer Croitoru wrote:
> Hey Nickolai,
>
> I would try to make sense of what you have seen.
> The tproxy is a very complex feature which by the kernel cannot bind
> double src(ip:port) + dst(ip:port)..
> like let say for example the 10.100.1.100 clie
On 09/09/2013 04:45 AM, Nikolai Gorchilov wrote:
> Seems the issue is not TPROXY related, but kicks in always when a
> socket bind is requested to an IP (local or foreign, doesn't matter)
> without specifying a port number. In this scenario the broken logic of
> the kernel is to take the differenc
Hey Nickolai,
I would try to make sense of what you have seen.
The tproxy is a very complex feature which by the kernel cannot bind
double src(ip:port) + dst(ip:port)..
like let say for example the 10.100.1.100 client tries to connect
2.3.4.5 at port 80.
the client tries once for:
10.100.1.100:545
On Mon, Sep 9, 2013 at 4:41 PM, Antony Stone
wrote:
> On Monday 09 September 2013 at 13:08:00, Nikolai Gorchilov wrote:
>
>> On Mon, Sep 9, 2013 at 4:15 PM, Nikolai Gorchilov wrote:
>> > User's original port seems to be an easy option in TPROXY mode
>>
>> I did a simple test and found the kernel
On Monday 09 September 2013 at 13:08:00, Nikolai Gorchilov wrote:
> On Mon, Sep 9, 2013 at 4:15 PM, Nikolai Gorchilov wrote:
> > User's original port seems to be an easy option in TPROXY mode
>
> I did a simple test and found the kernel will emit EADDRINUSE when you
> bind on user's ip:port... S
On Mon, Sep 9, 2013 at 4:15 PM, Nikolai Gorchilov wrote:
> User's original port seems to be an easy option in TPROXY mode
I did a simple test and found the kernel will emit EADDRINUSE when you
bind on user's ip:port... So, a more complicated solution is needed.
Keeping track of all the used ports
On Sun, Aug 25, 2013 at 7:20 AM, Amos Jeffries wrote:
>> Before digging deeper into the TPROXY kernel code, I'd like to clarify
>> one aspect of squid's behaviour. Do you pass a port number (anything >
>> 0) in inaddr.ai_addr during the bind call? Sorry, I couldn't trace it
>> myself, as I didn't
On 25/08/2013 3:12 a.m., Niki Gorchilov wrote:
Hi, Amos,
I'm working on the same project with Plamen.
squidclient mgr:info |grep HTTP
HTTP/1.1 200 OK
Number of HTTP requests received: 1454792
Average HTTP requests per minute since start: 116719.5
Nice. With stats li
Hi, Amos,
I'm working on the same project with Plamen.
>> squidclient mgr:info |grep HTTP
>> HTTP/1.1 200 OK
>> Number of HTTP requests received: 1454792
>> Average HTTP requests per minute since start: 116719.5
>
>
> Nice. With stats like these would you mind supplying th
On 24/08/2013 9:45 p.m., x-man wrote:
Hi Amos,
I have exactly the same issue as the above described.
Running squid 3.3.8 in TPROXY mode.
In my setup the squid is serving around 1 online subscribers, and this
problem happens when i put the whole HTTP traffic. If I'm redirecting only
half of
Hi Amos,
I have exactly the same issue as the above described.
Running squid 3.3.8 in TPROXY mode.
In my setup the squid is serving around 1 online subscribers, and this
problem happens when i put the whole HTTP traffic. If I'm redirecting only
half of the users - then it works fine.
I gue
18 matches
Mail list logo
