Date: Thu, 26 Nov 2009 18:19:24 +0100
From: Andreas Schultz <aschultz@...p10.net>
To: KOVACS Krisztian <hidden@...abit.hu>
Cc: tproxy@...ts.balabit.hu, netdev@...r.kernel.org, jamal <hadi@...erus.ca>
Subject: Re: [tproxy,regression] tproxy broken in 2.6.32

Hi,

git bisect shows that TPROXY has been broken by commit
f7c6fd2465d8e6f4f89c5d1262da10b4a6d499d0,
[PATCH] net: Fix RPF to work with policy routing

I had a look at the patch, and it seems logical that this would break TPROXY.

Andreas

On Wed, Nov 25, 2009 at 9:23 AM, KOVACS Krisztian <hidden@...abit.hu> wrote:
> Hi,
>
> On Mon, 2009-11-23 at 13:43 +0100, Andreas Schultz wrote:
>> I was trying to replace a setup based on a 2.6.27.14 kernel with a
>> 2.6.32-rc8 kernel and found that TPROXY is no longer working.
>>
>> The 2.6.27.14 kernel had the last stable tproxy patch plus some
>> additional fixes (TIME_WAIT, inet_sk_flowi_flags).
>> Since 2.6.32 is supposed to have working tproxy support, I dropped all patches.
>>
>> Now, connections to the local tproxy port no longer arrive at that port.
>> From the kernel log:
>>
>> Nov 23 12:32:31 scg01-wiwob user.debug kernel: tproxy socket lookup:
>> proto 6 ac19c4df:49175 -> c0a80208:80, lookup type: 2, sock (null)
>> Nov 23 12:32:31 scg01-wiwob user.debug kernel: tproxy socket lookup:
>> proto 6 ac19c4df:49175 -> c0a80208:3128, lookup type: 1, sock debae040
>> Nov 23 12:32:31 scg01-wiwob user.debug kernel: redirecting: proto 6
>> c0a80208:80 -> 00000000:3128, mark: 880400a0
>>
>>
>> The redirecting message is the last indication of the packet. tcpdump
>> shows that no answer for the initial packet goes out and the listening
>> socket is not notified either.
>
> I'll have a look at this. In the meantime, could you please post your
> kernel config, along with a summary of the iptables & ip rules you're
> using?
>
> Cheers,
> Krisztian