Re: [tproxy] Kernel Panic/System Hang when using TPROXY with 2.6.27 or later
Hi,

On Thu, 2010-10-21 at 16:16 +0200, FREY Oliver wrote:
Our product supports either proxying using iptables-REDIRECT-targets and no TPROXY, or using iptables-TPROXY-targets and the TPROXY-support to open the outgoing connection with the client's IP-address.
Everything is working fine and systems are stable and running for months when using the REDIRECT-targets. Also everything looks to run fine when using the TPROXY-targets, but unfortunately within 24-48 hours the system either hangs with a Kernel Panic (we can also see some Soft-Lockup-Warnings before that) or completely hangs, needing a manual reset. Unfortunately we have no Kernel-development/debugging experience, but all the warnings/panics point to kernel-memory-corruption, because by now we had panics in virtually any system-function called that tries to allocate/free kernel-memory - also once we had a Kernel with slab-debug-messages enabled running and got messages that corruption was detected, hours before the system finally panicked.
The latest kernel we tried was 2.6.35.2, we also tried a few versions in between, but stability did not change. At application-level there is not much that has to be done (and can go wrong) to use TPROXY-support, and the calls were implemented according to sample-code.
I do appreciate any help you can provide, as I've run out of ideas what I could do to fix the issue.

Well, there was a report of tproxy-triggered crashes on the linux netdev mailing list a few months ago. It might be the case that you're experiencing the same issue, but it's impossible to tell without knowing more details. We do have a patch which should fix that particular problem so maybe it would be worth giving that patch a try. You can get the patch here:

http://git.balabit.hu/?p=hidden/tproxy-2.6.git;a=commit;h=4ccf010bd584174584...

Please let me know if you're still having issues after applying the patch.

Cheers,
Krisztian

participants (1): KOVACS Krisztian