[tproxy] 2.6.12 patch on 2.6.11 kernel

KOVACS Krisztian hidden at balabit.hu
Wed Nov 2 08:51:43 CET 2005


On Wednesday 02 November 2005 00.02, Tudor Alexandru Dragos wrote:
> Make files but no other major problem. When the kernel
> is compiled with SMP support the kernel freeze when
> the –j TPROXY rule is hit by any package 
more exactly
> is crash on a writelock.
> The last line is executed is in ip_nat_core.c
>         if (have_to_hash) {
>                 unsigned int srchash
>                         =
> hash_by_src(&conntrack->tuplehash[IP_CT_DIR_ORIGINAL]
>                                       .tuple);
>                 WRITE_LOCK(&ip_nat_lock); <-- here is
> hangs
>                 list_add(&info->bysource,
> &bysource[srchash]);
>                 WRITE_UNLOCK(&ip_nat_lock);
>         }
> I have tried the compiling the kernel without SMP and
> is almost working 
 I get some kernel panic even with
> no tproxy rule at all But I didn’t have time to
> investigate

  Uh, I've found exactly the same problem last friday, but did not have 
time to release a new patch before my four-day-long weekend. Sorry 
about this, I'll create an updated release today.

> Anybody manage to apply the patch on 2.6.11 kernel ?
> I have spent a lot of time applying a lot of patched
> on this kernel (I intended to use it in a extremely
> experimental network) so I am not too happy to change
> it because until now I never have problems with it. Do
> I have any chance to make it work or should I use a
> clean vanilla kernel sources.
> Sorry if is sound’s kind of stupid applying a patch
> for kernel 2.6.12 on a 2.6.11 that is already
> extremely blotted with other patches.

  Differences in the tproxy patch between 2.6.11 and 2.6.12 were quite 
small, so applying the patch should be easy. I don't say it will work 
out-of-the-box, but there shouldn't be any serious incompatibilities. 
(Like those between 2.6.10 and 2.6.11.)

  Krisztian Kovacs

More information about the tproxy mailing list