Opened 7 months ago

Closed 6 months ago

#25380 closed defect (wontfix)

Transparent proxy not working with linux kernel 4.15.6

Reported by: vafan Owned by:
Priority: High Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor Version: Tor: 0.3.2.9
Severity: Major Keywords: 033-must, hang, 032-backport, 031-backport-maybe, 029-backport-maybe, 025-backport-maybe, regression?, 033-triage-20180320, 033-included-20180320
Cc: adrelanos@… Actual Points:
Parent ID: Points: 0.5
Reviewer: Sponsor:

Description

I dunno if yous test with da latest kernel but transparent proxy is not working at all with verion 4.15.6

If I were shooting from the hip or throwing darts blindfolded I would probably blame change 8f2f8993e0f69f4f8d5afe3873158f723daacb31 but I am not that kind of person.

The symptoms are tor process gets stuck in the getopt for the original destination address (in connection_edge.c) ipv4 transprarent proxy code and cannot be killed because the system call just sits there UNINTERRUPTIBLE

Child Tickets

TicketStatusOwnerSummaryComponent
#25401closedTransparent proxy stopped working after Linux kernel update to version 4.4.118 that fixes Spectre variant 1Core Tor/Tor
#25465closedTransparent proxy hangs after kernel update to 4.15.6-200.fc26.x86_64Core Tor/Tor

Change History (14)

comment:1 Changed 7 months ago by vafan

Make that change ff225999c603f0efed8fdbb791bab039d133eda2 - same author tho

comment:2 Changed 7 months ago by teor

Keywords: 033-must hang added
Milestone: Tor: 0.3.3.x-final
Points: 0.5

comment:3 Changed 7 months ago by teor

Priority: MediumHigh
Severity: NormalMajor

A few users are experiencing this issue, see #25401

comment:4 Changed 7 months ago by teor

Keywords: 032-backport 031-backport-maybe 029-backport-maybe 025-backport-maybe added
Version: Tor: 0.3.3.2-alphaTor: 0.3.2.9

This also affects multiple versions, perhaps all Tor versions.

comment:5 Changed 7 months ago by nickm

This sounds more like a Linux kernel bug than a bug in our code. Are we doing something wrong here?

comment:6 Changed 7 months ago by nickm

Status: newneeds_information

Marking as "needs_information". The information we need here is: Is this a kernel bug, or are we doing something wrong?

comment:7 Changed 7 months ago by FlinchX

Feel free to add tor-0.3.2.10 to the list of affected versions. I have just tried to reproduce the problem on Slackware64-14.2 with kernel 4.4.118 and tor locks the same way as soon as a program tries to run transparently over it, but works fine when it is used just as socks proxy.

comment:8 Changed 7 months ago by adrelanos

Cc: adrelanos@… added

comment:9 Changed 7 months ago by FlinchX

I can't reproduce the problem on Slackware -current with kernel 4.14.24 and tor-0.3.2.10, tor works fine there, both as socks proxy and is able to route programs transparently.

Situation so far:

tor-0.3.2.9 and 0.3.2.10 do not work with kernel 4.4.118 (from duplicate ticket made by me that was merged into this one)
tor-0.3.2.9 does not work with kernel 4.15.6 (this ticket)
tor-0.3.2.10 works with kernel 4.14.24 (latest setup tested by me)

comment:10 Changed 7 months ago by FlinchX

A few additional details here https://www.linuxquestions.org/questions/slackware-14/address-already-in-use-errors-when-trying-to-restart-tor-4175624554/page2.html#post5829281

kernel 4.4.118 but tor being replaced with another transparent proxy - tinyproxy - which worked fine

comment:11 Changed 6 months ago by nickm

Keywords: regression? added

comment:12 Changed 6 months ago by nickm

Keywords: 033-triage-20180320 added

Marking all tickets reached by current round of 033 triage.

comment:13 Changed 6 months ago by nickm

Keywords: 033-included-20180320 added

Mark 033-must tickets as triaged-in for 0.3.3

comment:14 Changed 6 months ago by dgoulet

Resolution: wontfix
Status: needs_informationclosed

I'm not sure if this should be handled on tor side. Unfortunately, seems the kernel broke this and fixed it later (?). I can see that 4.4.118 is not a thing anymore but rather 4.4.124 is the latest. And I bet they did since 4.14.24 fixed it according to earlier comment.

I'm closing this because there are no actionable items for us. Please re-open if the kernel actually didn't fix it but I would personally avoid having #ifdef on the kernel version...

Note: See TracTickets for help on using tickets.