[tproxy] Problem with Tproxy more kernel2.6.22.9

Jan Engelhardt jengelh at computergmbh.de
Fri Jan 11 12:07:48 CET 2008

On Jan 11 2008 12:03, Jan Engelhardt wrote:
>On Jan 11 2008 12:02, Jan Engelhardt wrote:
>>On Jan 11 2008 10:44, Laszlo Attila Toth wrote:
>>>Ming-Ching Tiew írta:
>>>> From: "Welisson" <welissontome at ig.com.br>
>>>>> ===========ERROR Start=============
>>>>> net/netfilter/xt_tproxy.c:48: warning: initialization from incompatible
>>>>> pointer type
>>>>> net/netfilter/xt_tproxy.c:56: warning: initialization from incompatible
>>>>> pointer type
>>>>> ===========ERROR END===============
>>>> You are picking up some unimportant. That's just a warning and it is not 
>>>> the cause of squid not support tproxy4.
>>>> Ignore the warning.
>>>That's right. This is because there is a minor change in the declaration 
>>>of checkentry  member of struct xt_match. TProxy doesn't use the changed 
>>>parameters also this warning can be safely ignored.
>>No it cannot be ignored. If you compile tproxy-4.0.3-2.6.22.tar.gz
>>(which contains 2.6.23 kernel code, though!) with a kernel _prior_ to
>>2.6.23, you may corrupt the stack.

Slight correction again... tproxy-4.0.3-2.6.22 uses _2.6.22_ code, i.e.
int *hotdrop. In kernel 2.6.23 however, hotdrop is bool, and so,
you may get stack corruption because you write 4 rather than 1 byte;
or the unaligned access, because the bool pointer may be something
like 0x03, which is not always int-aligned.

>...or may get an unaligned access on hardware which does not transparently
>handle unaligned accesses like x86 does.

More information about the tproxy mailing list