Hello,<br> I am able to obtain a socket reference by doing a socket look-up in the xt_socket module.After this somehow the following code gets hit<br><br> if (wildcard || !transparent){<br> printk(KERN_INFO "Inside not transparent or wildcard xt_socket");<br>
sk = NULL;<br> }<br> I am sure the socket is transparent so I am assuming it satisfies the wildcard case here.<br><br><span style="color: rgb(255, 0, 0);">socket match: proto 132 0aff0d8c:40480 -> 0aff0d9e:3127 (orig 0aff0d9e:3127) sock (null)</span><br>
<br> sk gets set to null.Can you please tell me how to resolve this?<br> What is the flow of the TPROXY module?My understanding is as follows<br> -When a packet comes first it hits xt_socket<br> -When this fails it hits xt_TPROXY<br>
I am able to get this trace from xt_TPROXY when I specify a port number in the TPROXY rule.<br>
<p class="MsoNormal" style=""><a name="OLE_LINK2"></a><a name="OLE_LINK1"><span style=""><span style="font-size: 11pt; font-family: Calibri;">iptables -t mangle -A PREROUTING -p sctp -i
bond0.110 <span style="color: rgb(255, 102, 0);">--<b>dport 1500</b></span> -j TPROXY
--tproxy-mark 1 --on-port 3127</span></span></a></p><p class="MsoNormal" style=""><a name="OLE_LINK1"><span style=""><span style="font-size: 11pt; font-family: Calibri;"><br></span></span></a></p><p class="MsoNormal" style="">
<a name="OLE_LINK1"><span style=""><span style="font-size: 11pt; font-family: Calibri;"></span></span></a></p><p class="MsoNormal" style=""><a name="OLE_LINK1"><span style=""><span style="font-size: 11pt; font-family: Calibri;"></span></span></a></p>
<p class="MsoNormal" style=""><a name="OLE_LINK1"><span style=""><span style="font-size: 11pt; font-family: Calibri;"></span></span></a></p><p class="MsoNormal" style=""><a name="OLE_LINK1"><span style=""><span style="font-size: 11pt; font-family: Calibri;"></span></span></a></p>
<p class="MsoNormal" style=""><a name="OLE_LINK1"><span style=""><span style="font-size: 11pt; font-family: Calibri;"><span style="font-family: arial,helvetica,sans-serif;">I get this trace</span></span></span></a></p><p class="MsoNormal" style="">
<a name="OLE_LINK1"><span style=""><span style="font-size: 11pt; font-family: Calibri;"><span style="font-family: arial,helvetica,sans-serif;"></span><br></span></span></a></p><p class="MsoNormal" style="color: rgb(255, 0, 0); font-family: arial,helvetica,sans-serif;">
<a name="OLE_LINK1"><span style=""><span style="font-size: 11pt;">redirecting: proto 132 0aff0d9e:1500 -> 00000000:3128, mark: 1</span></span></a></p><p class="MsoNormal" style=""><a name="OLE_LINK1"><span style=""><span style="font-size: 11pt; font-family: Calibri;"><br>
</span></span></a></p><p class="MsoNormal" style=""><a name="OLE_LINK1"><span style=""><span style="font-size: 11pt; font-family: Calibri;"></span></span></a></p><p class="MsoNormal" style="font-family: arial,helvetica,sans-serif;">
<span style=""><span style="font-size: 11pt;">But this never comes when I make the rule</span></span></p><p class="MsoNormal" style=""><a name="OLE_LINK1"><span style=""><span style="font-size: 11pt; font-family: Calibri;">iptables -t mangle -A PREROUTING -p sctp -i
bond0.110 <span style="color: rgb(255, 102, 0);">--<b>dport 0</b></span> -j TPROXY
--tproxy-mark 1 --on-port 3127</span></span></a></p><p class="MsoNormal" style=""><a name="OLE_LINK1"><span style=""><span style="font-size: 11pt; font-family: Calibri;"></span></span></a></p><p class="MsoNormal" style="">
<a name="OLE_LINK1"><span style=""><span style="font-size: 11pt; font-family: Calibri;"></span></span></a></p><p class="MsoNormal" style=""><br><span style=""><span style="font-size: 11pt; font-family: Calibri;"></span></span></p>
<p class="MsoNormal" style="font-family: arial,helvetica,sans-serif;"><span style=""><span style="font-size: 11pt;">Can someone please explain this to me.For TCP I am able to successfuly get a socket reference</span></span></p>
<p class="MsoNormal" style="font-family: arial,helvetica,sans-serif; color: rgb(255, 0, 0);"><span style=""><span style="font-size: 11pt;"><br></span></span></p><p class="MsoNormal" style="color: rgb(255, 0, 0);">
</p><p class="MsoNormal" style="color: rgb(255, 0, 0);"><span style="font-size: 10pt; font-family: Arial;">socket
match: proto 6 0a8e8ea6:4576 -> 0aff0d9e:22 (orig 0aff0d9e:22) sock <b>ffff88041d3a54c0</b></span></p>
<br>For SCTP my design is as follows<br>-I do the lookup and store the TPROXY port number in skb->cb and redirect the packet<br>-Once the packet reaches the sctp module I redo the lookup with the TPROXY port so I get a valid association/endpoint and the global structures required by the sctp module are filled.<br>
<br>I get this error also sporadically<br><br><br>Regards,<br> Maria<br>