Hi All,

 

I have two problems with cttproxy-2.6.14-2.0.3. Please help if you can. Thanks.

 

1.     I have not applied 04-nat_delete.diff to 2.6.14 since I always encounter some errors with it. According to the README, I also have to apply 00-tcp_window_tracking.diff but I did not since it also states that it is included in Linux 2.6.9. I assume 2.6.14 also has it.

 

Apply patch 04-nat_delete.diff

patching file include/linux/netfilter_ipv4/ip_conntrack.h

patching file net/ipv4/netfilter/ip_conntrack_proto_tcp.c

patching file net/ipv4/netfilter/ip_conntrack_standalone.c

patching file net/ipv4/netfilter/ip_nat_core.c

Hunk #3 FAILED at 295.

1 out of 6 hunks FAILED -- saving rejects to file net/ipv4/netfilter/ip_nat_core.c.rej

patching file net/ipv4/netfilter/ip_conntrack_core.c

 

2.     Using 2.6.14 with tproxy patch, I encountered kernel panic under stress testing. Im wondering if anyone had encountered this before and how I can solve this problem?

I have turned on the tproxy options:

      CONFIG_IP_NF_TPROXY=y

      CONFIG_IP_NF_MATCH_TPROXY=y

      CONFIG_IP_NF_TARGET_TPROXY=y

      CONFIG_IP_NF_NAT_NRES=y

 

divide error: 0000 [#1]

SMP

Modules linked in: pgroup ipmi_watchpig ipmi_keypad ipmi_core ipmi_devintf ipmi_si ipmi_msghandler e1000

CPU:    2

EIP:    0060:[<c0274397>]    Tainted: P      VLI

EFLAGS: 00010246   (2.6.14.IWSA-2.5.1000)

EIP is at find_best_ips_proto+0xae/0xbd

eax: b5e2f426   ebx: c0a80106   ecx: 00000000   edx: 00000000

esi: b5e2f426   edi: ffffffff   ebp: e88279a4   esp: e8827934

ds: 007b   es: 007b   ss: 0068

Process iwssd (pid: 2969, threadinfo=e8826000 task=d2b4fa50)

Stack: c039805c e88279a4 c039805c e88279b4 00000000 c027440c e88279a4 c039805c

       e1c758f0 00000000 e1c758f0 e88279b4 e1c758f0 e1c75980 00000000 c02744d9

       e88279a4 e88279b4 c039805c e1c758f0 00000000 e88279b4 e1c759d4 00000000

Call Trace:

 [<c027440c>] get_unique_tuple+0x66/0xc2

 [<c02744d9>] ip_nat_setup_info+0x71/0x1aa

 [<c028a7af>] do_replace+0x35c/0x6d2

 [<c028a7af>] do_replace+0x35c/0x6d2

 [<c027633d>] ip_tproxy_setup_nat_bidir+0xd1/0x152

 [<c0276532>] ip_tproxy_setup_nat+0x31/0x4c

 [<c027676d>] ip_tproxy_fn+0x1d5/0x30c

 [<c0274691>] ip_nat_manip_pkt+0x7f/0xb6

 [<c027473a>] ip_nat_packet+0x72/0x89

 [<f88639eb>] e1000_xmit_frame+0x6df/0xc86 [e1000]

 [<c0283fc8>] br_dev_queue_push_xmit+0x0/0xdf

 [<c027dafa>] nf_iterate+0x3f/0x5f

 [<c0283fc8>] br_dev_queue_push_xmit+0x0/0xdf

 [<c027db61>] nf_hook_slow+0x47/0xcb

 [<c0283fc8>] br_dev_queue_push_xmit+0x0/0xdf

 [<c0288d46>] br_nf_post_routing+0x11c/0x138

 [<c0283fc8>] br_dev_queue_push_xmit+0x0/0xdf

 [<c0283fc8>] br_dev_queue_push_xmit+0x0/0xdf

 [<c027dafa>] nf_iterate+0x3f/0x5f

 … … …

 [<c022dcb5>] release_sock+0xf/0x4f

 [<c024cb78>] tcp_recvmsg+0x65c/0x693

 [<c026819f>] inet_addr_type+0x63/0x92

 [<c02640ca>] inet_stream_connect+0x89/0x14b

 [<c022bb93>] sys_connect+0x5a/0x76

 [<c022ddf4>] sock_common_setsockopt+0x1e/0x22

 [<c022bf1c>] sys_setsockopt+0x58/0x70

 [<c01bfeba>] copy_from_user+0x34/0x5a

 [<c022c3b3>] sys_socketcall+0x78/0x180

 [<c0102439>] syscall_call+0x7/0xb

Code: 05 31 ce 89 f1 29 f2 29 f0 c1 e9 03 31 ca 89 d1 29 d0 29 d6 c1 e1 0a 31 c8 29 c6 c1 e8 0f 29 df 8d 57 01 31 c6 89 d1 89 f0 31 d2 <f7> f1 01 d3 0f cb 89 5d 00 5b 5b 5e 5f 5d c3 55 57 56 53 50 8b

 <0>Kernel panic - not syncing: Fatal exception in interrupt

 

Best Regards,

Eric Chao

TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.