configure option enable-sslmitm unrecognized

Dustin Wilt

unread,

Dec 12, 2024, 9:20:52 PM12/12/24

to e2guardian

Hey all,

I need some help again. I want to upgrade e2guardian to v5.6, but I'm having trouble, on both v5.5 & v5.6 I get the following:

any version of ./configure containing --enable-sslmitm=yes fails with:

configure: WARNING: unrecognized options: --enable-sslmitm

In fact ./configure --help doesn't even show that as an option.

Please help...

Orion Poplawski

unread,

Dec 13, 2024, 12:08:29 PM12/13/24

to e2gua...@googlegroups.com

So, that's not a failure, that's a warning and my builds complete fine with it. The option was removed and openssl is checked for and configure always.

See https://github.com/e2guardian/e2guardian/issues/806

-- 
Orion Poplawski
he/him/his  - surely the least important thing about me
Manager of IT Systems                      720-772-5637
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       or...@nwra.com
Boulder, CO 80301                 https://www.nwra.com/

Dustin Wilt

unread,

Dec 15, 2024, 4:11:26 PM12/15/24

to e2guardian

Ah, that's good to know, i have another issue then. I compiled it for on an openwrt router vm image. It throws a segmentation fault, I assume it was because of the enable-sslmitm option not being recognized that it didn't compile with it. I get some trash like this:

[64612.124039] e2guardian[15520]: segfault at 0 ip 00007fe4941e8130 sp 00007fe493467200 error 4 in libc.so[7fe4941c2000+4c000]
[64612.125673] Code: c7 45 00 03 00 00 00 b8 4a 00 00 00 eb 25 41 c7 45 00 03 00 00 00 e8 28 66 fe ff 8b 00 eb 14 48 8b 53 08 44 89 63 10 89 6b 14 <48> 8b 12 48 89 13 49 89 1f 48 8b 54 24 48 64 48 2b 14 25 28 00 00
[64688.930384] traps: e2guardian[16225] general protection fault ip:7f65469923a3 sp:7f6545f13828 error:0 in libc.so[7f6546986000+4c000]
[64727.273741] traps: e2guardian[16828] general protection fault ip:7f9d73c413a3 sp:7f9d72fb5828 error:0 in libc.so[7f9d73c35000+4c000]
[65083.145703] traps: e2guardian[18553] general protection fault ip:7f1011dc83a3 sp:7f1011348828 error:0 in libc.so[7f1011dbc000+4c000]
[177704.203907] e2guardian[23152]: segfault at 271000007c9c ip 0000271000007c9c sp 00007f87ebf3c730 error 14
[177704.205459] Code: Unable to access opcode bytes at RIP 0x271000007c72.
[177762.648298] traps: e2guardian[23652] general protection fault ip:7fb10cf7c3a3 sp:7fb10c56e8b8 error:0 in libc.so[7fb10cf70000+4c000]
[178640.977451] e2guardian[25842]: segfault at 271000007c9c ip 0000271000007c9c sp 00007f800d38e730 error 14
[178640.979024] Code: Unable to access opcode bytes at RIP 0x271000007c72.
[178713.470541] e2guardian[26674]: segfault at 271000007c9c ip 0000271000007c9c sp 00007f36294f9730 error 14
[178713.472040] Code: Unable to access opcode bytes at RIP 0x271000007c72.
[178909.673030] traps: e2guardian[27724] general protection fault ip:7f7858811a8a sp:7f7855587220 error:0 in libssl.so.3[7f78587ff000+5a000]
[178974.828006] e2guardian[28205]: segfault at 271000007c9c ip 0000271000007c9c sp 00007fc65c7dc730 error 14
[178974.829583] Code: Unable to access opcode bytes at RIP 0x271000007c72.
[179064.617317] traps: e2guardian[28900] general protection fault ip:7fdd2bd7a030 sp:7fdd2a59e4a8 error:0 in libssl.so.3[7fdd2bd65000+5a000]
[179154.337366] e2guardian[29577]: segfault at 271000007c9c ip 0000271000007c9c sp 00007f78ed94a730 error 14
[179154.339002] Code: Unable to access opcode bytes at RIP 0x271000007c72.
[179207.504801] traps: e2guardian[30362] general protection fault ip:7f91cd8d03a3 sp:7f91cb3698b8 error:0 in libc.so[7f91cd8c4000+4c000]
[179446.163748] traps: e2guardian[31626] general protection fault ip:7f354f6d53a3 sp:7f354c3148b8 error:0 in libc.so[7f354f6c9000+4c000]
[180603.897188] traps: e2guardian[2320] general protection fault ip:7f4edbf106e5 sp:7f4edb6276d8 error:0 in libssl.so.3[7f4edbefe000+5a000]

I'll have to delve deeper then. Other than the /etc/e2guardian conf files and the /usr/sbin/e2guardian binary there aren't any other helper files required are there? I have to implicitly add the files to copy to the openwrt packages.

Thanks,

Dustin Wilt

unread,

Dec 25, 2024, 10:13:39 PM12/25/24

to e2guardian

Alright, so I tried several versions in the following order.

5.3 - This was what I was on and was working OK until it broke and I decided to upgrade from openwrt 19 and it to the latest. Later I've noted the breakage was apparently the hardcoded generatedcertstart...

5.6 - Fails to work with transparent mitm 443 forwarded to 8443 on openwrt 23, segmentation fault, with the garbage in the previous thread.

5.5 - Same, seg fault on transparent mitm (openwrt23)

5.4 - This seems to work fine. (openwrt23)

Please let me know what I can do to help you help me get it working please:).

Thanks,

Dustin Wilt

unread,

Feb 8, 2025, 1:35:15 PMFeb 8

to e2guardian

Has anybody had a chance to investigate why 5.5 & 5.6 want to segfault in an openwrt 23 build while 5.4 still works? Please...

Philip Pearce

unread,

Feb 9, 2025, 2:09:44 AMFeb 9

to Dustin Wilt, e2guardian

Have you tried with v5.5.7r?

See https://github.com/e2guardian/e2guardian/issues/833#issuecomment-2578875652

Regards

Philip

--
E2guardian:
https://groups.google.com/d/forum/e2guardian
Github:
https://github.com/e2guardian/e2guardian
Follow us on twitter:
https://twitter.com/e2guardian
---
You received this message because you are subscribed to the Google Groups "e2guardian" group.
To unsubscribe from this group and stop receiving emails from it, send an email to e2guardian+...@googlegroups.com.
To view this discussion, visit https://groups.google.com/d/msgid/e2guardian/a803a822-75fb-48b6-a984-1d82ce863732n%40googlegroups.com.

Reply all

Reply to author

Forward