On 05/11/2012 11:09 PM, coderman wrote:
> On Fri, May 11, 2012 at 7:52 PM, Jacob Appelbaum <ja...@appelbaum.net> wrote:
>> ...
>> If this is actually the case, I'd say that this is a kernel bug. :(
>
> some would call it a kernel "feature" to conserve memory space already
> wasted on TIME_WAIT. not everything is designed around your
> particular use case. (it is not uncommon to find systems with 32k to
> 100k's of connections in time wait state at high throughput. a few
> more bytes each adds up!)
>

The netfilter uid code is imposing this overhead - I think it's reasonable
to tag and stick with a UID rather than leave it blank.

>
>> The best bet is probably to ensure that _all_ packets, regardless of UID
>> are sent over Tor and only specific UIDs are _excepted_ from the policy.
>
> this is the better option, and fails safe.

Indeed.

>
> it's been years and still transparent proxy modes are black magic. one
> day we'll figure this out, right?

Doubtful.

All the best,
Jacob

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
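The fail-safe policy discussed above (everything to Tor by default, only the Tor daemon's own UID excepted), written out as an iptables-restore ruleset generator. This is an added example, not code from the thread or from the Tor project; the UID and the TransPort/DNSPort numbers are placeholders passed as arguments.

```shell
#!/bin/sh
# Added example: a fail-safe transparent-proxy ruleset in iptables-restore
# format. The default is "redirect to Tor"; the only exception is traffic
# owned by the Tor daemon's UID. A packet whose socket owner the kernel has
# already dropped (the TIME_WAIT case in the thread) simply fails the
# --uid-owner match and falls through to the redirect, so it cannot leak.
# Assumed values: $1 = Tor's UID, $2 = TransPort, $3 = DNSPort (placeholders).
tor_fail_safe_rules() {
    tor_uid=$1
    trans_port=$2
    dns_port=$3
    cat <<EOF
*nat
:OUTPUT ACCEPT [0:0]
# The single exception: connections the Tor process itself makes.
-A OUTPUT -m owner --uid-owner $tor_uid -j RETURN
# Loopback traffic stays local.
-A OUTPUT -o lo -j RETURN
# Everything else, whatever its UID (or with no UID at all), goes to Tor.
-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $dns_port
-A OUTPUT -p tcp --syn -j REDIRECT --to-ports $trans_port
COMMIT
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner $tor_uid -j ACCEPT
# Redirected packets are re-routed over lo after the nat step.
-A OUTPUT -o lo -j ACCEPT
# Fail closed: anything not redirected (other protocols, non-SYN strays
# without a conntrack entry) is rejected instead of reaching the network.
-A OUTPUT -j REJECT
COMMIT
EOF
}
```

Apply as root with `tor_fail_safe_rules <uid> <transport> <dnsport> | iptables-restore`, after setting the matching TransPort and DNSPort in torrc.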