[tproxy] tproxy broken in 2.6.32

KOVACS Krisztian hidden at balabit.hu
Wed Nov 25 09:23:54 CET 2009


Hi,

On Mon, 2009-11-23 at 13:43 +0100, Andreas Schultz wrote:
> I was trying to replace a setup based on a 2.6.27.14 kernel with a
> 2.6.32-rc8 kernel and found that TPROXY is no longer working.
> 
> The 2.6.27.14 kernel had the last stable tproxy patch plus some
> additional fixes (TIME_WAIT, inet_sk_flowi_flags).
> Since 2.6.32 is supposed to have working tproxy support, I dropped all patches.
> 
> Now, connections to the local tproxy port no longer arrive at that port.
> From the kernel log:
> 
> Nov 23 12:32:31 scg01-wiwob user.debug kernel: tproxy socket lookup:
> proto 6 ac19c4df:49175 -> c0a80208:80, lookup type: 2, sock (null)
> Nov 23 12:32:31 scg01-wiwob user.debug kernel: tproxy socket lookup:
> proto 6 ac19c4df:49175 -> c0a80208:3128, lookup type: 1, sock debae040
> Nov 23 12:32:31 scg01-wiwob user.debug kernel: redirecting: proto 6
> c0a80208:80 -> 00000000:3128, mark: 880400a0
> 
> 
> The redirecting message is the last indication of the packet. tcpdump
> shows that no answer for the initial packet goes out and the listening
> socket is not notified either.

I'll have a look at this. In the meantime, could you please post your
kernel config, along with a summary of the iptables & ip rules you're
using?

Cheers,
Krisztian


