[zorp] Virtual Private Connection crash kernel with tproxy

Zhou Li zhou.li at ca-jc.com
Sun Aug 27 04:13:54 CEST 2006

  Windows 2000 <--> Linux with tproxy <--> VPN server.

Linux kernel is 2.6.15 with cttproxy-2.6.15-2.0.4 all four patch.
When I do Virtual Private Connectio from Win2000 to VPN server, the linux box will be crash, 
the following are crashing messages:

Unable to handle kernel paging request at virtual address 00001a0c
 printing eip:
*pde = 00000000
Oops: 0002 [#1]
Modules linked in: ebt_vlan ebtable_broute ebtables iptable_tproxy iptable_nat iptable_mangle iptable_filter ipt_tproxy ipt_hashlimit ipt_connlimit ipt_state ipt_pkttype ipt_multiport ipt_mark ipt_length ipt_conntrack ipt_TPROXY ipt_REJECT ipt_LOG ip_queue ip_nat_snmp_basic ip_nat_pptp ip_nat_irc ip_nat_ftp ip_nat ip_conntrack_pptp ip_conntrack_irc ip_conntrack_ftp ip_conntrack nfnetlink ip_tables e100 mii bridge usbhid dm_mod isofs ide_cd cdrom ide_disk agpgart i2c_i801 uhci_hcd usbcore piix ide_core shpchp i2c_i810 i2c_algo_bit i2c_core
CPU:    0
EIP:    0060:[<e09fe73d>]    Not tainted VLI
EFLAGS: 00010212   ( 
EIP is at ip_nat_reserved_unregister_all+0x2c/0x6f [ip_nat]
eax: d78016e8   ebx: d78016f0   ecx: 00000000   edx: 00001a08
esi: d78016f0   edi: d7801630   ebp: e08b9bc0   esp: c032dd20
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 0, threadinfo=c032c000 task=c02d9b00)
Stack: d7801630 d7801630 d7801694 e09f3b1a d7801630 d7801630 e09f491a d7801630 
       d7801630 d7bee838 e09f00a0 d7801630 c011372f de46a030 00000001 00000000 
       c213e7dc c032e743 a658a8c0 c02f1a08 d7801694 d7bee838 c032dda8 e08b8053 
Call Trace:
 [<e09f3b1a>] ip_ct_unlink_expect+0x34/0x3f [ip_conntrack]
 [<e09f491a>] ip_conntrack_unexpect_related+0xbb/0xdb [ip_conntrack]
 [<e09f00a0>] pptp_nat_expected+0xa0/0x153 [ip_nat_pptp]
 [<c011372f>] __wake_up_common+0x2b/0x47
 [<c032e743>] readonly+0xd/0x17
 [<e08b8053>] pptp_expectfn+0x53/0x5a [ip_conntrack_pptp]
 [<e09f3c65>] find_expectation+0x87/0x98 [ip_conntrack]
 [<e09f463b>] init_conntrack+0xf9/0x112 [ip_conntrack]
 [<c032e743>] readonly+0xd/0x17
 [<e09f4735>] ip_conntrack_in+0xe1/0x1ea [ip_conntrack]
 [<e09d15f2>] br_nf_pre_routing_finish+0x0/0x2c0 [bridge]
 [<c0255926>] nf_iterate+0x3f/0x5f
 [<e09d15f2>] br_nf_pre_routing_finish+0x0/0x2c0 [bridge]
 [<c025598d>] nf_hook_slow+0x47/0xc4
 [<e09d15f2>] br_nf_pre_routing_finish+0x0/0x2c0 [bridge]
 [<e09ce4ff>] br_handle_frame_finish+0x0/0xd4 [bridge]
 [<e09d1f34>] br_nf_pre_routing+0x37d/0x39c [bridge]
 [<e09d15f2>] br_nf_pre_routing_finish+0x0/0x2c0 [bridge]
 [<c0255926>] nf_iterate+0x3f/0x5f
 [<e09ce4ff>] br_handle_frame_finish+0x0/0xd4 [bridge]
 [<c025598d>] nf_hook_slow+0x47/0xc4
 [<e09ce4ff>] br_handle_frame_finish+0x0/0xd4 [bridge]
 [<e09ce738>] br_handle_frame+0x165/0x1a9 [bridge]
 [<e09ce4ff>] br_handle_frame_finish+0x0/0xd4 [bridge]
 [<c0244c20>] netif_receive_skb+0x106/0x1cb
 [<e09da384>] e100_poll+0x1e1/0x53f [e100]
 [<c0244e15>] net_rx_action+0x59/0xc6
 [<c01197c8>] __do_softirq+0x34/0x7d
 [<c0119833>] do_softirq+0x22/0x26
 [<c0104e47>] do_IRQ+0x47/0x4f
 [<c01039ba>] common_interrupt+0x1a/0x20
 [<c0101047>] default_idle+0x2b/0x53
 [<c01010bc>] cpu_idle+0x39/0x4e
 [<c032e658>] start_kernel+0x176/0x178
Code: 56 53 b8 00 e0 ff ff 8b 7c 24 10 21 e0 81 40 14 00 01 00 00 8b 77 5c 8d 47 5c 39 c6 74 48 8d 46 f8 8b 36 8b 48 04 8b 10 8d 58 08 <89> 4a 04 89 11 c7 40 04 00 02 20 00 8b 50 08 8b 4b 04 c7 00 00 
 <0>Kernel panic - not syncing: Fatal exception in interrupt

It is seem crash by nat reserved, so I disable NAT reservations in kernel config and recompile it then test it again,
It will not be crash, but I don't konw if tproxy will work well without 01-nat_reservations?

// Zhou Li
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/zorp/attachments/20060827/2249b3e3/attachment.html

More information about the zorp mailing list