[tproxy] Problem with Tproxy more kernel2.6.22.9

Laszlo Attila Toth panther at balabit.hu
Fri Jan 11 17:51:11 CET 2008


Jan Engelhardt wrote:
> On Jan 11 2008 12:03, Jan Engelhardt wrote:
>> On Jan 11 2008 12:02, Jan Engelhardt wrote:
>>> On Jan 11 2008 10:44, Laszlo Attila Toth wrote:
>>>> Ming-Ching Tiew wrote:
>>>>> From: "Welisson" <welissontome at ig.com.br>
>>>>>> ===========ERROR Start=============
>>>>>> net/netfilter/xt_tproxy.c:48: warning: initialization from incompatible
>>>>>> pointer type
>>>>>> net/netfilter/xt_tproxy.c:56: warning: initialization from incompatible
>>>>>> pointer type
>>>>>> ===========ERROR END===============
>>>>> You are picking up something unimportant. That's just a warning and it is not
>>>>> the cause of squid not supporting tproxy4.
>>>>>
>>>>> Ignore the warning.
>>>> That's right. This is because there is a minor change in the declaration
>>>> of the checkentry member of struct xt_match. TProxy doesn't use the changed
>>>> parameters; also, this warning can be safely ignored.
>>> No it cannot be ignored. If you compile tproxy-4.0.3-2.6.22.tar.gz
>>> (which contains 2.6.23 kernel code, though!) with a kernel _prior_ to
>>> 2.6.23, you may corrupt the stack.

Ok. I tested it on x86 where the stack corruption didn't occur.

> 
> Slight correction again... tproxy-4.0.3-2.6.22 uses _2.6.22_ code, i.e.
> int *hotdrop. In kernel 2.6.23 however, hotdrop is bool, and so,
> you may get stack corruption because you write 4 rather than 1 byte;
> or the unaligned access, because the bool pointer may be something
> like 0x03, which is not always int-aligned.
> 

I noticed it, thank you.

-- 
Panther
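
Added example, not part of the original thread or of the tproxy code: a user-space C illustration of the mismatch discussed above, where code built for `int *hotdrop` stores through a pointer that the caller meant as `bool *hotdrop`. The `struct frame` layout, the 0xAA fill pattern and all function names are assumptions made for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the caller's stack frame: a one-byte hotdrop
 * flag with unrelated locals around it (hypothetical layout). */
struct frame {
    unsigned char before[3];
    unsigned char hotdrop;   /* what a 2.6.23 caller passes as bool * */
    unsigned char after[4];  /* neighbouring locals */
};

/* Store the way code compiled for "bool *hotdrop" does: one byte. */
static void set_hotdrop_bool(unsigned char *p)
{
    bool v = true;
    memcpy(p, &v, sizeof(v));
}

/* Store the way code compiled for "int *hotdrop" does: sizeof(int) bytes.
 * memcpy keeps the demo well-defined; the module would do *hotdrop = 1. */
static void set_hotdrop_int(unsigned char *p)
{
    int v = 1;
    memcpy(p, &v, sizeof(v));
}

/* Fill the frame with 0xAA, run one store, count neighbour bytes changed. */
static size_t run(void (*store)(unsigned char *))
{
    struct frame f;
    size_t n = 0;
    memset(&f, 0xAA, sizeof(f));
    store(&f.hotdrop);
    for (size_t i = 0; i < sizeof(f.before); i++) n += f.before[i] != 0xAA;
    for (size_t i = 0; i < sizeof(f.after); i++)  n += f.after[i] != 0xAA;
    return n;
}

/* Is this address suitably aligned for an int access? */
static bool int_aligned(uintptr_t addr) { return addr % _Alignof(int) == 0; }

int main(void)
{
    printf("bool-sized store clobbers %zu neighbour bytes\n", run(set_hotdrop_bool));
    printf("int-sized store clobbers %zu neighbour bytes\n", run(set_hotdrop_int));
    printf("address 0x03 int-aligned: %d\n", int_aligned(0x03));
    return 0;
}
```

Whether the overwritten bytes matter on a given build depends on what the compiler placed next to the flag, so a clean run on one architecture does not show the mismatch is harmless.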

