lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 26 Nov 2009 18:19:24 +0100
From:	Andreas Schultz <>
To:	KOVACS Krisztian <>
	jamal <>
Subject: Re: [tproxy,regression] tproxy broken in 2.6.32


git bisect shows that TPROXY has been broken by commit
f7c6fd2465d8e6f4f89c5d1262da10b4a6d499d0, [PATCH] net: Fix RPF to work
with policy routing

I had a look at the patch, and it seems logical that this would break TPROXY.


On Wed, Nov 25, 2009 at 9:23 AM, KOVACS Krisztian <> wrote:
> Hi,
> On Mon, 2009-11-23 at 13:43 +0100, Andreas Schultz wrote:
>> I was trying to replace a setup based on a kernel with a
>> 2.6.32-rc8 kernel and found that TPROXY is no longer working.
>> The kernel had the last stable tproxy patch plus some
>> additional fixes (TIME_WAIT, inet_sk_flowi_flags).
>> Since 2.6.32 is supposed to have working tproxy support, i dropped all patches.
>> Now, connections to the local tproxy port no longer arrive at that port.
>> From the kernel log:
>> Nov 23 12:32:31 scg01-wiwob user.debug kernel: tproxy socket lookup:
>> proto 6 ac19c4df:49175 -> c0a80208:80, lookup type: 2, sock (null)
>> Nov 23 12:32:31 scg01-wiwob user.debug kernel: tproxy socket lookup:
>> proto 6 ac19c4df:49175 -> c0a80208:3128, lookup type: 1, sock debae040
>> Nov 23 12:32:31 scg01-wiwob user.debug kernel: redirecting: proto 6
>> c0a80208:80 -> 00000000:3128, mark: 880400a0
>> The redirecting message is the last indication of the packet. tcpdump
>> shows that no answer for the initial packet goes out and the listening
>> socket it not notified either.
> I'll have a look at this. In the meantime, could you please post your
> kernel config, along with a summary of the iptables & ip rules you're
> using?
> Cheers,
> Krisztian
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists