[tproxy] Virtual Private Connection crash kernel 2.6.17 with cttproxt 2.0.5

Zhou Li zhou.li at ca-jc.com
Wed Sep 13 11:18:16 CEST 2006

Sadly, this bug  still exist in new cttproxy-2.0.5

  Windows 2000 <--> Linux with tproxy <--> VPN server.

Linux kernel is 2.6.17 with cttproxy-2.6.17-2.0.5 all four patch.
When I do Virtual Private Connectio from Win2000 to VPN server, the linux box will be crash, 
the following are crashing messages:

BUG: unable to handle kernel paging request at virtual address 00003f0a
 printing eip:
*pde = 00000000
Oops: 0002 [#1]
Modules linked in: ebt_vlan ebtable_broute ebtables ipt_TPROXY iptable_tproxy iptable_nat iptable_mangle iptable_filter ipt_hashlimit ipt_connlimit xt_state xt_pkttype xt_multiport xt_mark xt_length xt_conntrack ipt_REJECT ipt_LOG ip_queue ip_nat_snmp_basic ip_nat_pptp ip_nat_irc ip_nat_ftp ip_nat ip_conntrack_pptp ip_conntrack_irc ip_conntrack_ftp ip_conntrack nfnetlink ip_tables e100 mii bridge llc usbhid dm_mod sd_mod isofs ide_cd cdrom ide_disk pcspkr i2c_i801 piix ide_core shpchp ehci_hcd uhci_hcd usbcore i2c_i810 i2c_algo_bit i2c_core
CPU:    0
EIP:    0060:[<e0a0773d>]    Not tainted VLI
EFLAGS: 00010212   ( #1) 
EIP is at ip_nat_reserved_unregister_all+0x2c/0x6f [ip_nat]
eax: d76146e8   ebx: d76146f0   ecx: 00000000   edx: 00003f06
esi: d76146f0   edi: d7614630   ebp: e0a04e20   esp: c0345cf0
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 0, threadinfo=c0344000 task=c02eef80)
Stack: d7614630 d7614630 d7614694 e09f883e d7614630 d7614630 e09f962f d7614630 
       d7614630 d76a305c e09f50a0 d7614630 df6d0f40 d76a3000 00000000 0000002d 
       c213e7dc c034e103 a658a8c0 c02f3f06 d76a305c d7614694 c0345d78 e0a03053 
Call Trace:
 <e09f883e> ip_ct_unlink_expect+0x34/0x3f [ip_conntrack]  <e09f962f> ip_conntrack_unexpect_related+0xbb/0xdb [ip_conntrack]
 <e09f50a0> pptp_nat_expected+0xa0/0x153 [ip_nat_pptp]  <c034e103> init_cyrix+0xcb/0x29c
 <e0a03053> pptp_expectfn+0x53/0x5a [ip_conntrack_pptp]  <e09f8989> find_expectation+0x87/0x98 [ip_conntrack]
 <e09f935c> init_conntrack+0xf9/0x112 [ip_conntrack]  <c034e103> init_cyrix+0xcb/0x29c
 <e09f9453> ip_conntrack_in+0xde/0x1de [ip_conntrack]  <e08ba69f> br_nf_pre_routing_finish+0x0/0x2a5 [bridge]
 <c0262a80> nf_iterate+0x3f/0x5f  <e08ba69f> br_nf_pre_routing_finish+0x0/0x2a5 [bridge]
 <c0262ae7> nf_hook_slow+0x47/0xa7  <e08ba69f> br_nf_pre_routing_finish+0x0/0x2a5 [bridge]
 <e08b76e2> br_handle_frame_finish+0x0/0xe0 [bridge]  <e08baf03> br_nf_pre_routing+0x2f4/0x312 [bridge]
 <e08ba69f> br_nf_pre_routing_finish+0x0/0x2a5 [bridge]  <c0262a80> nf_iterate+0x3f/0x5f
 <e08b76e2> br_handle_frame_finish+0x0/0xe0 [bridge]  <c0262ae7> nf_hook_slow+0x47/0xa7
 <e08b76e2> br_handle_frame_finish+0x0/0xe0 [bridge]  <e08b7921> br_handle_frame+0x133/0x162 [bridge]
 <e08b76e2> br_handle_frame_finish+0x0/0xe0 [bridge]  <c025506c> netif_receive_skb+0x149/0x1f9
 <e09dc8eb> e100_rx_indicate+0x128/0x14b [e100]  <e09dc949> e100_rx_clean+0x3b/0xdf [e100]
 <e09dcc13> e100_poll+0x33/0xab [e100]  <c025524c> net_rx_action+0x59/0xbf
 <c0116e3c> __do_softirq+0x34/0x7d  <c0116ea7> do_softirq+0x22/0x26
 <c01049c7> do_IRQ+0x47/0x4f  <c01033ca> common_interrupt+0x1a/0x20
 <c0100ab7> default_idle+0x2b/0x53  <c0100b2c> cpu_idle+0x39/0x4e
 <c034660a> start_kernel+0x180/0x182 
Code: 56 53 b8 00 e0 ff ff 8b 7c 24 10 21 e0 81 40 14 00 01 00 00 8b 77 5c 8d 47 5c 39 c6 74 48 8d 46 f8 8b 36 8b 48 04 8b 10 8d 58 08 <89> 4a 04 89 11 c7 40 04 00 02 20 00 8b 50 08 8b 4b 04 c7 00 00 
EIP: [<e0a0773d>] ip_nat_reserved_unregister_all+0x2c/0x6f [ip_nat] SS:ESP 0068:c0345cf0
 <0>Kernel panic - not syncing: Fatal exception in interrupt

It is seem crash by nat reserved, so I disable NAT reservations in kernel config and recompile it then test it again,
It will not be crash, but I don't konw if tproxy will work well without 01-nat_reservations?

// Zhou Li
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20060913/6a3cd897/attachment.htm

More information about the tproxy mailing list