Kernel version: 2.6.9
After applying the TRIGGER patch to the kernel, it compiles without problems.
After loading it, I set up the TRIGGER rules:
iptables -A FORWARD -o eth0 -j TRIGGER --trigger-type out --trigger-proto udp --trigger-match 3000 --trigger-relate 6880-6890
iptables -t nat -A PREROUTING -j TRIGGER --trigger-type dnat
When a packet matches the rule and --trigger-type dnat is executed, the system crashes.
The reported message is as follows:
Unable to handle kernel paging request at virtual address c7509878
printing eip:
c026c0db
*pde = 00000000
Oops: 0000 [#1]
PREEMPT
Modules linked in:
CPU: 0
EIP: 0060:[<c026c0db>] Not tainted VLI
EFLAGS: 00000256 (2.6.9-papd-2)
eax: 0000ea1a ebx: 00000000 ecx: c1110001 edx: c1c7c000
esi: c1110000 edi: c10f3118 ebp: c10f3080 esp: c1113bd8
ds: 007b es: 007b ss: 0068
Process gpiod (pid: 834, threadinfo=c1112000 task=c117daa0)
Stack: 00000000 c0010000 0202a8c0 0000ea1a ffffffff 327116ac 0000ae08 ba7116ac
0011ea1a 0202a8c0 0000ea1a 327116ac 0011ae08 ba7116ac 0000ea1a 327116ac
0011ae08 327116ac 0000ae08 0202a8c0 0011ea1a c113081e c1113c88 c1113ca8
Call Trace:
[<c02768fb>]
[<c02688ef>]
[<c026b56c>]
[<c0268886>]
[<c026b0ac>]
[<c022f43b>]
[<c022f43b>]
[<c022f43b>]
[<c021e992>]
[<c022f43b>]
[<c022f43b>]
[<c021ed4b>]
[<c022f43b>]
[<c022f1ff>]
[<c022f43b>]
[<c021623e>]
[<c01dbb65>]
[<c0216415>]
[<c011b007>]
[<c011b036>]
[<c0108133>]
[<c01063e8>]
[<c0120c92>]
[<c0105826>]
[<c0210e16>]
[<c0210eb1>]
[<c011b007>]
[<c01126dc>]
[<c01058e8>]
[<c0105ac6>]
Code: c6 44 24 06 01 0f b7 de 66 89 4f 02 8b 44 24 04 6b db 0c 89 44 1f 04 8b 44 24 08 89 44 1f 08 8b 44 24 0c 89 44 1f 0c 8b 54 24 70 <8a> 04 95 78 98 31 c0 88 44 24 05 8b 54 24 38 8b 44 24 34 83 c6
<0>Kernel panic - not syncing: Fatal exception in interrupt
The code executed when the dnat condition is met is as follows:
static unsigned int
trigger_dnat(struct sk_buff **pskb,
	     unsigned int hooknum,
	     const struct net_device *in,
	     const struct net_device *out,
	     const void *targinfo,
	     void *userinfo)
{
	struct ipt_trigger *found;
	const struct iphdr *iph = (*pskb)->nh.iph;
	struct tcphdr *tcph = (void *)iph + iph->ihl*4; /* Might be TCP, UDP */
	struct ip_conntrack *ct;
	enum ip_conntrack_info ctinfo;
	struct ip_nat_multi_range newrange;

	IP_NF_ASSERT(hooknum == NF_IP_PRE_ROUTING);

	/* Check if the trigger-ed range has already existed in 'trigger_list'. */
	found = LIST_FIND(&trigger_list, trigger_in_matched,
			  struct ipt_trigger *, iph->protocol, ntohs(tcph->dest));
	if (!found || !found->srcip)
		return IPT_CONTINUE; /* We don't block any packet. */

	DEBUGP("############# %s ############\n", __FUNCTION__);
	found->reply = 1; /* Confirm there has been a reply connection. */
	ct = ip_conntrack_get(*pskb, &ctinfo);
	IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW));

	DEBUGP("%s: got ", __FUNCTION__);
	DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);

	/* Alter the destination of incoming packet. */
	newrange = ((struct ip_nat_multi_range)
		{ 1, { { IP_NAT_RANGE_MAP_IPS,
			 found->srcip, found->srcip,
			 { 0 }, { 0 }
		       } } });

	/* Hand modified range to generic setup. */
	return ip_nat_setup_info(ct, &newrange, hooknum);
}
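The error occurs when calling ip_nat_setup_info, but MASQUERADE also contains similar code.
If the newrange argument is replaced with targinfo, it does not crash.
It runs fine on 2.4.25.
Could anyone advise on how to debug this?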
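Added example (not part of the original post and not code from the TRIGGER patch): one way to start on an oops like the one above is to decode the instruction marked <..> in the Code: line and recompute the address it touched from the register dump. The function names are hypothetical, and the decoder assumes a one-byte opcode and handles only the ModRM/SIB form that appears here.

```python
import re

# Excerpt of the oops quoted in the post (Code: line shortened around the <..> marker).
OOPS = """\
Unable to handle kernel paging request at virtual address c7509878
eax: 0000ea1a ebx: 00000000 ecx: c1110001 edx: c1c7c000
esi: c1110000 edi: c10f3118 ebp: c10f3080 esp: c1113bd8
Code: 8b 54 24 70 <8a> 04 95 78 98 31 c0 88 44 24 05
"""

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]  # x86 encoding order

def parse_oops(text):
    """Return (fault address, register values, bytes from the faulting instruction on)."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    regs = {name: int(val, 16)
            for name, val in re.findall(r"\b(e[a-d]x|e[sd]i|e[bs]p): ([0-9a-f]{8})", text)}
    code = re.search(r"Code: (.*)", text).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))  # <xx> marks EIP
    insn = bytes(int(b.strip("<>"), 16) for b in code[start:])
    return fault, regs, insn

def effective_address(insn, regs):
    """Decode a one-byte opcode + ModRM + SIB, handling only mod=00, rm=100."""
    modrm, sib = insn[1], insn[2]
    if modrm >> 6 != 0 or modrm & 7 != 4:
        raise ValueError("only the mod=00 SIB addressing forms are handled")
    scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
    index_reg = None if index == 4 else REGS32[index]  # index 100b means "no index"
    addr = regs[index_reg] * scale if index_reg else 0
    disp = 0
    if base == 5:  # with mod=00, base 101b means "no base register, disp32 follows"
        disp = int.from_bytes(insn[3:7], "little")
        addr += disp
    else:
        addr += regs[REGS32[base]]
    return addr & 0xFFFFFFFF, index_reg, scale, disp  # 32-bit wrap-around

def explain(text=OOPS):
    """Summarise the decoded access and compare it with the reported fault address."""
    fault, regs, insn = parse_oops(text)
    addr, index_reg, scale, disp = effective_address(insn, regs)
    verdict = "matches" if addr == fault else "does not match"
    return (f"opcode {insn[0]:#04x} accesses [{index_reg}*{scale} + {disp:#010x}], "
            f"{index_reg}={regs[index_reg]:#010x} -> {addr:#010x}, {verdict} fault {fault:#010x}")

if __name__ == "__main__":
    print(explain())
```

The recomputed address equals the reported c7509878, so the fault is a table lookup at a fixed kernel address indexed by the value in edx. The four bytes before the marker, 8b 54 24 70, decode to mov edx, [esp+0x70], so that index was read from a stack slot immediately before the fault.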