Hi,
A serious bug has been found in TProxy version 2.0.2 running on Linux
2.6 kernels, which has lead to an instantaneous deadlock on SMP
systems. The 2.0.2 patch for Linux 2.4 did not contain this bug, so
there's no 2.0.3 release for Linux 2.4.
The release also contains an updated iptables (userspace) patch
contributed by Jan Engelhardt.
The release tarball is available here:
http://www.balabit.com/downloads/tproxy/
MD5 checksum of the release tarball:
48c4b64a73315ba58413d0f2f1f4067f cttproxy-2.6.14-2.0.3.tar.gz
--
Regards,
Krisztian Kovacs
I have applied the tproxy 2.6.12-2.0.2. patch on
2.6.11-hardened-r15 (Gentoo SElinux default kernel).
The patch applied almost clean I have to fix some
Make files but no other major problem. When the kernel
is compiled with SMP support the kernel freeze when
the j TPROXY rule is hit by any package more exactly
is crash on a writelock.
The last line is executed is in ip_nat_core.c
if (have_to_hash) {
unsigned int srchash
=
hash_by_src(&conntrack->tuplehash[IP_CT_DIR_ORIGINAL]
.tuple);
WRITE_LOCK(&ip_nat_lock); <-- here is
hangs
list_add(&info->bysource,
&bysource[srchash]);
WRITE_UNLOCK(&ip_nat_lock);
}
I have tried the compiling the kernel without SMP and
is almost working I get some kernel panic even with
no tproxy rule at all But I didnt have time to
investigate .
Anybody manage to apply the patch on 2.6.11 kernel ?
I have spent a lot of time applying a lot of patched
on this kernel (I intended to use it in a extremely
experimental network) so I am not too happy to change
it because until now I never have problems with it. Do
I have any chance to make it work or should I use a
clean vanilla kernel sources.
Sorry if is sounds kind of stupid applying a patch
for kernel 2.6.12 on a 2.6.11 that is already
extremely blotted with other patches.
P.S: The problems manifests even with the stock
hardened Gentoo kernel with no others patched but the
one from the portage. (Not in enforce mode)
__________________________________
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com