Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw sockets

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Felipe W Damasio

Subject: Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw sockets

Date: Friday, July 9, 2010 - 8:18 pm

Hi Mr. Dumazet,

2010/7/9 Eric Dumazet <eric.dumazet@gmail.com>:
quoted text> Reviewing tproxy stuff I spotted a problem in nf_tproxy_assign_sock()
> but I could not see how it could explain your crash.
>
> We can read uninitialized memory and trigger a fault in
> nf_tproxy_assign_sock(), not later in tcp_recvmsg()...
>
> David, Patrick, what do you think ?

But do you think that the bug that squid triggered was caused by the
TProxy code?

Or is related to the network-stack in some other point.

I don't know if this helps, but I'm using ebtables to remove the
packets from the bridge, and iptables to redirect the traffic to
squid.

ebtables rules are:

-p IPv4 -i eth0 --ip-proto tcp --ip-dport 80 -j redirect  --redirect-target DROP
-p IPv4 -i eth1 --ip-proto tcp --ip-sport 80 -j redirect  --redirect-target DROP


iptables -t mangle -L -n is:

iptables -t mangle -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DIVERT     tcp  --  0.0.0.0/0            0.0.0.0/0           socket
extrachain  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:80 ctstate NEW
TPROXY     tcp  --  0.0.0.0/0           !201.40.162.5        tcp
dpt:80 connmark match 0x0 TPROXY redirect 127.0.0.1:3127 mark 0x1/0x1
TPROXY     tcp  --  0.0.0.0/0           !201.40.162.5        tcp
dpt:80 connmark match 0x1 TPROXY redirect 127.0.0.1:3128 mark 0x1/0x1
TPROXY     tcp  --  0.0.0.0/0           !201.40.162.5        tcp
dpt:80 connmark match 0x2 TPROXY redirect 127.0.0.1:3129 mark 0x1/0x1

Chain DIVERT (1 references)
target     prot opt source               destination
MARK       all  --  0.0.0.0/0            0.0.0.0/0           MARK xset
0x1/0xffffffff
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain extrachain (1 references)
target     prot opt source               destination
CONNMARK   all  --  0.0.0.0/0            0.0.0.0/0           statistic
mode nth every 35 CONNMARK and 0x0
CONNMARK   all  --  0.0.0.0/0            0.0.0.0/0           statistic
mode nth every 35 packet 1 CONNMARK xset 0x1/0xffffffff
CONNMARK   all  --  0.0.0.0/0            0.0.0.0/0           statistic
mode nth every 35 packet 2 CONNMARK xset 0x2/0xffffffff

Don't know if the code on these can be traced back to tcp_recvmsg()
accessing some wrong memory address...

Cheers,

Felipe Damasio
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Squid hang up on 2.6.34, Felipe W Damasio, (Thu Jul 8, 12:03 pm)

Re: Squid hang up on 2.6.34, Felipe W Damasio, (Thu Jul 8, 2:30 pm)

Re: Squid hang up on 2.6.34, Eric Dumazet, (Thu Jul 8, 3:06 pm)

Re: Squid hang up on 2.6.34, Eric Dumazet, (Thu Jul 8, 3:08 pm)

Re: Squid hang up on 2.6.34, Felipe W Damasio, (Fri Jul 9, 8:03 am)

Re: Squid hang up on 2.6.34, Felipe W Damasio, (Fri Jul 9, 9:03 am)

[PATCH] tproxy: nf_tproxy_assign_sock() can handle tw sockets, Eric Dumazet, (Fri Jul 9, 10:13 am)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., David Miller, (Fri Jul 9, 10:53 am)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Felipe W Damasio, (Fri Jul 9, 11:16 am)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Felipe W Damasio, (Fri Jul 9, 8:18 pm)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Eric Dumazet, (Fri Jul 9, 11:17 pm)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., David Miller, (Sat Jul 10, 12:30 pm)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Felipe W Damasio, (Sat Jul 10, 8:11 pm)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Avi Kivity, (Sat Jul 10, 10:19 pm)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Felipe W Damasio, (Sun Jul 11, 12:11 am)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Felipe W Damasio, (Sun Jul 11, 12:13 am)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Eric Dumazet, (Sun Jul 11, 1:02 am)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Eric Dumazet, (Sun Jul 11, 1:36 am)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Felipe W Damasio, (Sun Jul 11, 5:52 pm)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Felipe W Damasio, (Mon Jul 12, 11:49 am)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Felipe W Damasio, (Tue Jul 13, 7:24 am)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Eric Dumazet, (Tue Jul 13, 7:40 am)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Felipe W Damasio, (Tue Jul 13, 7:49 am)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Eric Dumazet, (Tue Jul 13, 8:49 am)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Felipe W Damasio, (Tue Jul 13, 1:55 pm)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Felipe W Damasio, (Tue Jul 13, 2:06 pm)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Eric Dumazet, (Tue Jul 13, 8:21 pm)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Felipe W Damasio, (Tue Jul 13, 8:27 pm)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Eric Dumazet, (Tue Jul 13, 8:43 pm)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Felipe W Damasio, (Tue Jul 13, 8:51 pm)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Bill Fink, (Tue Jul 13, 11:56 pm)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Patrick McHardy, (Wed Jul 14, 4:41 am)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Felipe W Damasio, (Fri Jul 16, 8:41 am)

Re: [PATCH] tproxy: nf_tproxy_assign_sock() can handle tw ..., Eric Dumazet, (Fri Jul 16, 8:52 am)


linux-kernel:
Greg Kroah-Hartman	[PATCH 041/196] kobject: add kobject_init_and_add function
Lukas Hejtmanek	Re: Another libata error related to OCZ SSD
Greg Kroah-Hartman	[PATCH 023/196] MCP_UCB1200: Convert from class_device to device
Florian Fainelli	Re: System clock runs too fast after 2.6.27 -> 2.6.28.1 upgrade
Christoph Lameter	[patch 1/4] mmu_notifier: Core code
git:
Johannes Schindelin	Re: [PATCH 1/2] Add strbuf_initf()
John Bito	[EGIT] Push to GitHub caused corruption
Jakub Narebski	Re: [PATCH 0/2] gitweb: patch view
Junio C Hamano	Re: [PATCH] When a remote is added but not fetched, tell the user.
Andy Parkins	Re: [RFC] Submodules in GIT
git-commits-head:
Linux Kernel Mailing List	ahci: Workaround HW bug for SB600/700 SATA controller PMP support
Linux Kernel Mailing List	V4L/DVB (11086): au0828: rename macro for currently non-function VBI support
Linux Kernel Mailing List	ceph: client types
Linux Kernel Mailing List	ceph: on-wire types
Linux Kernel Mailing List	crypto: chainiv - Use kcrypto_wq instead of keventd_wq
linux-netdev:
Andrew Morton	Re: [Bugme-new] [Bug 14969] New: b44: WOL does not work in suspended state
Giuseppe CAVALLARO	Re: [PATCH 03/13] stmmac: add the new Header file for stmmac platform data
Taku Izumi	[PATCH 3/3] ixgbe: add registers etc. printout code just before resetting adapters
Eric Dumazet	rps: some comments
Thomas Gleixner	Re: [RFC PATCH 02/12] On Tue, 23 Sep 2008, David Miller wrote:
openbsd-misc:
Stephan Andreas	problems with login after xlock in OpenBSD release 4.7
pmc	Make A Change. Alcoholism and Drug Addiction Treatment
ropers	Re: what exactly is enc0?
Fuad NAHDI	Re: What does your environment look like?
Matthew Szudzik	Typo on OpenBSD 4.4 CD Set