[zorp] Virtual Private Connection crash kernel with tproxy
Zhou Li
zhou.li at ca-jc.com
Sun Aug 27 04:13:54 CEST 2006
Environment:
Windows 2000 <--> Linux with tproxy <--> VPN server.
Linux kernel is 2.6.15 with cttproxy-2.6.15-2.0.4 all four patch.
When I do Virtual Private Connectio from Win2000 to VPN server, the linux box will be crash,
the following are crashing messages:
Unable to handle kernel paging request at virtual address 00001a0c
printing eip:
*pde = 00000000
Oops: 0002 [#1]
Modules linked in: ebt_vlan ebtable_broute ebtables iptable_tproxy iptable_nat iptable_mangle iptable_filter ipt_tproxy ipt_hashlimit ipt_connlimit ipt_state ipt_pkttype ipt_multiport ipt_mark ipt_length ipt_conntrack ipt_TPROXY ipt_REJECT ipt_LOG ip_queue ip_nat_snmp_basic ip_nat_pptp ip_nat_irc ip_nat_ftp ip_nat ip_conntrack_pptp ip_conntrack_irc ip_conntrack_ftp ip_conntrack nfnetlink ip_tables e100 mii bridge usbhid dm_mod isofs ide_cd cdrom ide_disk agpgart i2c_i801 uhci_hcd usbcore piix ide_core shpchp i2c_i810 i2c_algo_bit i2c_core
CPU: 0
EIP: 0060:[<e09fe73d>] Not tainted VLI
EFLAGS: 00010212 (2.6.15.6-3tr)
EIP is at ip_nat_reserved_unregister_all+0x2c/0x6f [ip_nat]
eax: d78016e8 ebx: d78016f0 ecx: 00000000 edx: 00001a08
esi: d78016f0 edi: d7801630 ebp: e08b9bc0 esp: c032dd20
ds: 007b es: 007b ss: 0068
Process swapper (pid: 0, threadinfo=c032c000 task=c02d9b00)
Stack: d7801630 d7801630 d7801694 e09f3b1a d7801630 d7801630 e09f491a d7801630
d7801630 d7bee838 e09f00a0 d7801630 c011372f de46a030 00000001 00000000
c213e7dc c032e743 a658a8c0 c02f1a08 d7801694 d7bee838 c032dda8 e08b8053
Call Trace:
[<e09f3b1a>] ip_ct_unlink_expect+0x34/0x3f [ip_conntrack]
[<e09f491a>] ip_conntrack_unexpect_related+0xbb/0xdb [ip_conntrack]
[<e09f00a0>] pptp_nat_expected+0xa0/0x153 [ip_nat_pptp]
[<c011372f>] __wake_up_common+0x2b/0x47
[<c032e743>] readonly+0xd/0x17
[<e08b8053>] pptp_expectfn+0x53/0x5a [ip_conntrack_pptp]
[<e09f3c65>] find_expectation+0x87/0x98 [ip_conntrack]
[<e09f463b>] init_conntrack+0xf9/0x112 [ip_conntrack]
[<c032e743>] readonly+0xd/0x17
[<e09f4735>] ip_conntrack_in+0xe1/0x1ea [ip_conntrack]
[<e09d15f2>] br_nf_pre_routing_finish+0x0/0x2c0 [bridge]
[<c0255926>] nf_iterate+0x3f/0x5f
[<e09d15f2>] br_nf_pre_routing_finish+0x0/0x2c0 [bridge]
[<c025598d>] nf_hook_slow+0x47/0xc4
[<e09d15f2>] br_nf_pre_routing_finish+0x0/0x2c0 [bridge]
[<e09ce4ff>] br_handle_frame_finish+0x0/0xd4 [bridge]
[<e09d1f34>] br_nf_pre_routing+0x37d/0x39c [bridge]
[<e09d15f2>] br_nf_pre_routing_finish+0x0/0x2c0 [bridge]
[<c0255926>] nf_iterate+0x3f/0x5f
[<e09ce4ff>] br_handle_frame_finish+0x0/0xd4 [bridge]
[<c025598d>] nf_hook_slow+0x47/0xc4
[<e09ce4ff>] br_handle_frame_finish+0x0/0xd4 [bridge]
[<e09ce738>] br_handle_frame+0x165/0x1a9 [bridge]
[<e09ce4ff>] br_handle_frame_finish+0x0/0xd4 [bridge]
[<c0244c20>] netif_receive_skb+0x106/0x1cb
[<e09da384>] e100_poll+0x1e1/0x53f [e100]
[<c0244e15>] net_rx_action+0x59/0xc6
[<c01197c8>] __do_softirq+0x34/0x7d
[<c0119833>] do_softirq+0x22/0x26
[<c0104e47>] do_IRQ+0x47/0x4f
[<c01039ba>] common_interrupt+0x1a/0x20
[<c0101047>] default_idle+0x2b/0x53
[<c01010bc>] cpu_idle+0x39/0x4e
[<c032e658>] start_kernel+0x176/0x178
Code: 56 53 b8 00 e0 ff ff 8b 7c 24 10 21 e0 81 40 14 00 01 00 00 8b 77 5c 8d 47 5c 39 c6 74 48 8d 46 f8 8b 36 8b 48 04 8b 10 8d 58 08 <89> 4a 04 89 11 c7 40 04 00 02 20 00 8b 50 08 8b 4b 04 c7 00 00
<0>Kernel panic - not syncing: Fatal exception in interrupt
It is seem crash by nat reserved, so I disable NAT reservations in kernel config and recompile it then test it again,
It will not be crash, but I don't konw if tproxy will work well without 01-nat_reservations?
// Zhou Li
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/zorp/attachments/20060827/2249b3e3/attachment.html
More information about the zorp
mailing list