[tproxy] Re: Development version 1.9.2 released - Oops

KOVACS Krisztian hidden@balabit.hu
Mon, 22 Mar 2004 09:32:30 +0100


  Hi,

On Sat, 2004-03-20 at 03:35, James MacLean wrote:
> 1. When an application sets up for a tproxy foreign source address 
> according to the cttproxy-2.6.3-1.9.2 README, do any other iptables rules 
> need to be added to activate what the application has set up?

  No, but unfortunately the README is out of date, so the parts
documenting the setsockopt() calls do not apply to the current code.

> 2. Gianni's patches had :
> 
> 	int f=ITP_CONNECT;
> 	struct in_tproxy itp;
>         itp.itp_faddr.s_addr = fwdState->src.sin_addr.s_addr;
>         itp.itp_fport = fwdState->src.sin_port;
>         setsockopt(fd, SOL_IP, IP_TPROXY_ASSIGN, &itp, sizeof(itp));
>         setsockopt(fd, SOL_IP, IP_TPROXY_FLAGS, &f, sizeof(f));
> 
> which I have replaced with :
> 
> 	int f=ITP_CONNECT;
> 	struct in_tproxy itp;
>         itp.v.addr.faddr.s_addr = fwdState->src.sin_addr.s_addr;
>         itp.v.addr.fport = fwdState->src.sin_port;
>         setsockopt(fd, SOL_IP, TPROXY_ASSIGN, &itp, sizeof(itp));
>         setsockopt(fd, SOL_IP, TPROXY_FLAGS, &f, sizeof(f));
> 
> Does this appear to be a correct code update?

  No, unfortunately. The ABI changes made the TPROXY_ASSIGN, etc.
options obsolete. You should try something like this:

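- 8< -
struct in_tproxy itp;

/* Both requests go through the single IP_TPROXY option;
 * itp.op selects which operation is performed. */

/* First call: assign the foreign (source) address and port. */
itp.op = TPROXY_ASSIGN;
itp.v.addr.faddr.s_addr = fwdState->src.sin_addr.s_addr;
itp.v.addr.fport = fwdState->src.sin_port;
setsockopt(fd, SOL_IP, IP_TPROXY, &itp, sizeof(itp));

/* Second call: set the flags on the same socket. */
itp.op = TPROXY_FLAGS;
itp.v.flags = ITP_CONNECT;
setsockopt(fd, SOL_IP, IP_TPROXY, &itp, sizeof(itp));
- 8< -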

> Again, sorry to bother. Would appreciate even a pointer to a small code 
> sample that does the transparent proxy this way that I could learn from.

  See the tests directory inside the .tar.gz, those are up-to-date code
covering most of the simple cases.

-- 
 Regards,
   Krisztian KOVACS