[tor-talk] tor/netfilter: packets without uid

coderman coderman at gmail.com
Fri May 11 23:43:43 UTC 2012


On Thu, May 10, 2012 at 8:52 PM, Marsh Ray <marsh at extendedsubset.com> wrote:
> ...
>> How is it possible for a packet not to have an associated uid?
>...
> I'm not a netfilter expert, but it looks like this is a pure TCP ACK packet. With
> LEN=40 there's no application data in it. It may have been auto-generated by
> the kernel as a reply to the external packet and never tagged with a user
> for that reason.

if the application closes a socket there are time wait states that
retain the socket ip:port endpoint in kernel land without an
associated application user ID.

try disabling time wait to confirm. if it is indeed sockets locally
closed but still receiving (and ACK'ing) you may get a little extra
bandwidth dropping them (remote re-sends until timeout) but it
shouldn't affect functionality.
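
The following is an added example, not part of the original thread: a Python sketch that reads netfilter LOG lines and separates packets logged without a UID into bare 40-byte TCP segments (the case discussed above) and everything else. It assumes IPv4 and a LOG rule using `--log-uid`; the log lines, the `OUT:` prefix and the addresses are constructed.

```python
# Constructed sample lines in the netfilter LOG format, as written with --log-uid.
# The "OUT:" prefix and all addresses/ports are made up for this example.
SAMPLE_LOG = """\
kernel: OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4121 DF PROTO=TCP SPT=45012 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0 UID=1000 GID=1000
kernel: OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=45012 DPT=443 WINDOW=0 RES=0x00 ACK URGP=0
kernel: OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=45020 DPT=80 WINDOW=0 RES=0x00 ACK FIN URGP=0
kernel: OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=1
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
MIN_IPV4_TCP_LEN = 40  # 20-byte IPv4 header + 20-byte TCP header: no options, no data


def parse_line(line):
    """Split one LOG line into KEY=value fields and the set of TCP flags seen."""
    fields, flags = {}, set()
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields.setdefault(key, value)  # keep the first ID= (IP id, not ICMP id)
        elif token in TCP_FLAGS:
            flags.add(token)
    return fields, flags


def classify(line):
    """Return 'owned', 'no-uid-bare-tcp' or 'no-uid-other' for one LOG line."""
    fields, flags = parse_line(line)
    if "UID" in fields:
        return "owned"  # the packet was tied to a socket with an owning user
    bare = (
        fields.get("PROTO") == "TCP"
        and fields.get("LEN", "").isdigit()
        and int(fields["LEN"]) == MIN_IPV4_TCP_LEN
        and not flags & {"SYN", "PSH"}  # not a connection attempt, not a data push
    )
    return "no-uid-bare-tcp" if bare else "no-uid-other"


def classify_log(text):
    """Classify every logged packet line in a block of log text."""
    return [classify(line) for line in text.splitlines() if "OUT=" in line]


if __name__ == "__main__":
    for verdict, line in zip(classify_log(SAMPLE_LOG), SAMPLE_LOG.splitlines()):
        print(verdict, "|", line)
```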

