[tor-talk] tor/netfilter: packets without uid
coderman
coderman at gmail.com
Sat May 12 03:09:07 UTC 2012
On Fri, May 11, 2012 at 7:52 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>...
> If this is actually the case, I'd say that this is a kernel bug. :(
some would call it a kernel "feature" to conserve memory space already
wasted on TIME_WAIT. not everything is designed around your
particular use case. (it is not uncommon to find systems with 32k to
100k's of connections in time wait state at high throughput. a few
more bytes each adds up!)
> The best bet is probably to ensure that _all_ packets, regardless of UID
> are sent over Tor and only specific UID's are _excepted_ from the policy.
this is the better option, and fails safe.
it's been years and still transparent proxy modes are black magic. one
day we'll figure this out, right?
;)
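The fail-safe policy discussed above (redirect everything into Tor, exempt only Tor's own UID, and drop whatever is left, including kernel-generated packets that carry no socket owner and so can never match `-m owner`) can be expressed as a small netfilter ruleset. The script below is an added example, not code from the thread or from the Tor project; it assumes Tor runs as UID `debian-tor` with `TransPort 9040` and `DNSPort 5353` in its torrc (change these to match the host). By default it only prints the rules; set `APPLY_CMD=sudo` to apply them.

```shell
#!/bin/sh
# Added example (not from the thread): fail-safe transparent-proxy ruleset.
# Assumed values below; adjust TOR_UID / TRANS_PORT / DNS_PORT to your system.
TOR_UID="${TOR_UID:-debian-tor}"
TRANS_PORT="${TRANS_PORT:-9040}"
DNS_PORT="${DNS_PORT:-5353}"

# tor_rules PREFIX: emit each iptables command through PREFIX
# ("echo" to print a dry run, "sudo" to actually install the rules).
tor_rules() {
    run="${1:-echo}"

    # nat/OUTPUT: the first packet of every new connection passes here.
    # Loopback and Tor's own traffic are left alone; everything else is
    # redirected into Tor's DNSPort (UDP/53) or TransPort (new TCP).
    $run iptables -t nat -A OUTPUT -o lo -j RETURN
    $run iptables -t nat -A OUTPUT -m owner --uid-owner "$TOR_UID" -j RETURN
    $run iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports "$DNS_PORT"
    $run iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports "$TRANS_PORT"

    # filter/OUTPUT: redirected packets now travel over lo and are accepted,
    # Tor's own packets are accepted by UID, and anything else (including a
    # packet the kernel generated with no owning socket) is dropped instead
    # of leaking out the physical interface. Hosts that serve inbound
    # connections need extra ACCEPT rules for those services before the DROP.
    $run iptables -A OUTPUT -o lo -j ACCEPT
    $run iptables -A OUTPUT -m owner --uid-owner "$TOR_UID" -j ACCEPT
    $run iptables -A OUTPUT -j DROP
}

# Dry run by default; APPLY_CMD=sudo ./tor-rules.sh installs the rules.
tor_rules "${APPLY_CMD:-echo}"
```

The order matters: the UID exemption comes before the REDIRECT so Tor's own circuits are not looped back into Tor, and the final DROP is what makes the policy fail safe when a packet matches nothing above it.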