1.3.88 - IP Masquerading crash

Nigel Metheringham (Nigel.Metheringham@theplanet.net)
Mon, 15 Apr 1996 16:11:54 +0100


There appears to be a real bug in the generation of
/proc/net/ip_masquerade in 1.3.8[568].

It appears to me that if the data that *should* be generated for this
proc entry is greater than 4k long, then something tramps all over
some bit of memory and crashes the system.

I have had a look at ip_msqhst_procinfo() in net/ipv4/ip_masq.c but
have not identified where the problem is... but I don't entirely
understand how the proc stuff is meant to work :-).

This may not be seen in normal situations, but can be easily caused
by setting up lots of connections (i.e. using finger) through the
masquerade to an unbound tcp socket. Since TCP RST is not handled by
the masquerade code this leaves one masquerade tunnel per attempt
which hangs around for a full 15 minute timeout.

As a side issue it's probably worth doing something different if a RST
is seen - one option is to immediately collapse the masquerade tunnel
since once someone has given an RST there is no reasonable
conversation that can be had!

Nigel.

-- 
[ Nigel.Metheringham@theplanet.net   - Unix Applications Engineer ]
[ *Views expressed here are personal and not supported by PLAnet* ]
[ PLAnet Online : The White House     Tel : +44 113 2345566 x 612 ]
[ Melbourne Street, Leeds LS2 7PS UK. Fax : +44 113 2345656       ]
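
An added sketch, not code from the kernel or from this message: a user-space model of handing out a table larger than 4k one page at a time, with every write bounded by the page size. The record layout, the 64-byte line width and the names `render_tunnels` and `drain_table` are assumptions for illustration; the message does not locate the actual fault in ip_msqhst_procinfo(), and neither does this.

```c
#include <stdio.h>
#include <string.h>
#define PAGE_BYTES 4096  /* the 4k limit from the report */
#define LINE_BYTES 64    /* fixed record width (assumption of this sketch) */
#define MAX_TUNNELS 512

struct tunnel { unsigned src_port, masq_port, timeout_s; };  /* hypothetical */

/* Render whole records starting at byte `offset`; never writes more than
 * min(want, PAGE_BYTES) bytes into `page`. Returns bytes written. */
size_t render_tunnels(char *page, size_t offset, size_t want,
                      const struct tunnel *t, size_t n)
{
    size_t len = 0;
    if (want > PAGE_BYTES) want = PAGE_BYTES;
    for (size_t i = offset / LINE_BYTES; i < n; i++) {
        char tmp[LINE_BYTES], line[LINE_BYTES + 1];
        if (len + LINE_BYTES > want)
            break;                       /* next record would not fit */
        snprintf(tmp, sizeof tmp, "TCP %05u %05u %4u",
                 t[i].src_port, t[i].masq_port, t[i].timeout_s);
        snprintf(line, sizeof line, "%-*s\n", LINE_BYTES - 1, tmp);
        memcpy(page + len, line, LINE_BYTES);
        len += LINE_BYTES;
    }
    return len;
}

/* Drain n constructed entries page by page, as a reader of the proc file
 * would. Returns total bytes, or -1 if the guard byte after the page changed. */
long drain_table(size_t n)
{
    static struct tunnel tab[MAX_TUNNELS];
    char buf[PAGE_BYTES + 1];
    size_t off = 0, got;
    if (n > MAX_TUNNELS) return -1;
    for (size_t i = 0; i < n; i++)       /* one stale tunnel per attempt, 15 min */
        tab[i] = (struct tunnel){ (unsigned)(1024 + i), (unsigned)(61000 + i), 900 };
    buf[PAGE_BYTES] = 0x5a;              /* guard byte just past the page */
    while ((got = render_tunnels(buf, off, PAGE_BYTES, tab, n)) > 0)
        off += got;
    return buf[PAGE_BYTES] == 0x5a ? (long)off : -1;
}

int main(void)
{
    printf("100 tunnels -> %ld bytes in 4k chunks\n", drain_table(100));
    return 0;
}
```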