e2guardian from 5.3 to 5.5 - Listen0_proxy error - Stack overflow error

[Fabricio Guzzy]

Hello everyone,

I am getting error messages with the following (see image)

background:  FreeBSD-14 / pfsense  -  E2guardian 5.3.4 and 5.5.5 compiled from the source code (github)

I tried several different configs with no success.  Sometimes it crashes the daemon, normally when we have the SSL MITM enabled.

I also compiled the version 5.5 from the source, and I got the same LISTEN0_PROXY error.

Any idea?

Thanks

Fabricio

[Sezer]

can you check,dns over 443 or 53 traffic is going proxy 

[Fabricio Guzzy]

Hello Sezer,

I don't have DNS over 443 - Not even using transparent proxy (it's declared proxy config)

I am not sure the 53 here has some relation with the port 53 - I dom't think so.

Thanks anyway

Fabricio.

[Philip Pearce]

Hi Fabricio,

On freeBSD system error 53 is

   53 ECONNABORTED Software	caused connection abort.  A  connection	 abort
	       was caused internal to your host	machine.

So the operating system is reporting a connection abort internal to the operating system.   May be the os needs tuning in some way? Or is being subjected to some form of attack?

Normally this error is recoverable. So the stack error may be due to some other cause. 

Did you try the latest v5.5.5?   The errors you posted are from v5.3.  Can you post those from v5.5.5?

--
E2guardian:
https://groups.google.com/d/forum/e2guardian
Github:
https://github.com/e2guardian/e2guardian
Follow us on twitter:
https://twitter.com/e2guardian
---
You received this message because you are subscribed to the Google Groups "e2guardian" group.
To unsubscribe from this group and stop receiving emails from it, send an email to e2guardian+...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/e2guardian/7e946c96-9028-4e74-82bb-87b86e81eb3an%40googlegroups.com.

[Philip Pearce]

Hi Fabricio,

It looks as if the default type of char may have changed to signed in freebsd-14.  E2guardian expects char to be unsigned.

See https://github.com/e2guardian/e2guardian/issues/810#issuecomment-2129227838.

Can you try adding -funsigned-char to the CXXFLAGS line in src/Makefile and re-compiling to see if that fixes the issue?

Regards

Philip

[Fabricio Guzzy]

Hi Philip.

Sure! I will give it a try.

Thanks - I will be back soon.

Regards

Fabricio

[Fabricio Guzzy]

So... Philip.

I added it, but I think that's not the issue... The error message "LISTEN0_proxy" still appearing from time to time, but it's not crashing anymore. (at least so far), which is great.

 See how my ./configure looks like now:

./configure  'CXXFLAGS=-DFD_SETSIZE=65535' '--localstatedir=/var' '--with-logdir=/var/log' '--with-piddir=/var/run' '--disable-avastd' '--enable-clamd' '--disable-commandline' '--with-newdebug=off' '--enable-dnsauth' '--disable-email' '--disable-icap' '--disable-kavd' '--disable-ntlm' '--enable-sslmitm' '--prefix=/usr/local' '--mandir=/usr/local/man' '--disable-silent-rules' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd14' 'build_alias=amd64-portbld-freebsd14' 'CXX=c++' 'CXXFLAGS=-O2 -pipe  -I/usr/local/include -DLIBICONV_PLUG -fstack-protector-strong -fno-strict-aliasing  -funsigned-char -DLIBICONV_PLUG -std=c++11 ' 'LDFLAGS=  -fstack-protector-strong ' 'LIBS=' 'CPPFLAGS=-I/usr/local/include -DLIBICONV_PLUG' 'CC=cc' 'CFLAGS=-O2 -pipe  -I/usr/local/include -DLIBICONV_PLUG -fstack-protector-strong -fno-strict-aliasing' 'CPP=cpp' 'PKG_CONFIG=pkgconf' 'OPENSSL_CFLAGS=-I/usr/local/include' 'OPENSSL_LIBS=-L/usr/local/lib -lssl -lcrypto'

See that I disabled a few features as I am not using them. I didn't get the "crash" anymore and the performance was improved a little, not like I had in Freebsd 12.3 but it's getting closer. 

Do you see anything wrong with my config? Please, any input is very welcome!

Thanks Much!

Fabricio,

[Sezer]

hi fabricio, i am just wondering did you get same error from the issue, neterror and connection closed?

[Philip Pearce]

Hi Fabrico,

I think that there are two different issues:

1. The stack error and crashing - this seems to be solved by using the -funsigned-char. The type char is used in e2guardian in many places (for buffers etc) and in content-checking and is expected to be unsigned.   If treated as signed then there are many cases which could cause stack errors. (Also may have been due to https://github.com/e2guardian/e2guardian/issues/815??)

2. The 'LISTEN0_proxy' errors on accept are from the operating system and indicate an issue with the network stack in the o/s.

In v5.5 DEBUG_HIGH is enabled by default - you could try disabling it with  --with-debug_high=off and see if that increases the speed. (This replaces the --with-newdebug flag).

Regards

Philip

To view this discussion on the web, visit https://groups.google.com/d/msgid/e2guardian/b82ee108-53bd-4778-a7d3-63b8b49b825bn%40googlegroups.com.

[Fabricio Guzzy]

Hi Sezer

Those are different errors.  It seems the "crash" error is done after enabling the flag mentioned by Philip (-funsigned-char) - only the Listen0_proxy error is still showing up from time to time, but it´s not causing any problem at all.

I will test the other DEBUG flag mentioned by Philip as well.  

Will be back soon.

Regards

Fabricio.

[Fabricio Guzzy]

Thanks Philip.

I will give it a try for sure!

I'll come back later with results.

Thanks

Fabricio.

[Fabricio Guzzy]

Hi Philip.

I recompiled the code with the -funsigned-char but unfortunatelly I am getting the same problems after all.

Jun 20 18:47:25 e2guardian 46966 stack overflow detected; terminated
Jun 20 18:47:25 kernel pid 46966 (e2guardian), jid 0, uid 0: exited on signal 6 (no core dump - bad address)

I tried to recompile it with different openssl versions with no apparent lucky.

by the way, I am using the official freebsd ports source code.

Do you have any other tip for me to try?

Thanks Much,

Fabricio.