<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi List,</p>
<p>not sure if I am in the right place as tproxy is part of the
kernel now, but i am gonna as here anyway.</p>
<p>I am currently building a python based transparent TCP + UDP
proxy. The setup for the proxy would be a basic mitm i.e.<br>
<br>
Local Net --> Tproxy Box --> Internet</p>
<p>For TCP i can simply use getsockopt(SO_ORIGINAL_DST) to get
original destination address and port. This works for tproxy and
normal redirects. With UDP of course i cant do that. At the moment
i am using <span style="color: rgb(36, 39, 41); font-family:
Arial, "Helvetica Neue", Helvetica, sans-serif;
font-size: 15px; font-style: normal; font-variant-ligatures:
normal; font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; orphans: 2; text-align: left;
text-indent: 0px; text-transform: none; white-space: normal;
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); text-decoration-style:
initial; text-decoration-color: initial; display: inline
!important; float: none;">IP_RECVORIGDST to get the original udp
destination and port. This works fine apart from the fact that
there seems to be a bug in recent kernels disabling this
sockopt.
(<a class="moz-txt-link-freetext" href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=d36a1cb1e3285ba7eb1bcff5b231b4786deefc5b">https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=d36a1cb1e3285ba7eb1bcff5b231b4786deefc5b</a>)
<br>
</span></p>
<p><span style="color: rgb(36, 39, 41); font-family: Arial,
"Helvetica Neue", Helvetica, sans-serif; font-size:
15px; font-style: normal; font-variant-ligatures: normal;
font-variant-caps: normal; font-weight: normal; letter-spacing:
normal; orphans: 2; text-align: left; text-indent: 0px;
text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); text-decoration-style:
initial; text-decoration-color: initial; display: inline
!important; float: none;">While researching tproxy i found this
mail
(<a class="moz-txt-link-freetext" href="https://lists.balabit.hu/pipermail/tproxy/2008-November/000996.html">https://lists.balabit.hu/pipermail/tproxy/2008-November/000996.html</a>)
in the thread archive. My question now is this udp accept part
of the kernel version of tproxy or is there a patch for it out
there for newer kernels. I ask because i feel this approach is a
lot cleaner than me manually creating a new tproxy enabled
socket. So any info/help is much appreciated. <br>
</span></p>
<p><span style="color: rgb(36, 39, 41); font-family: Arial,
"Helvetica Neue", Helvetica, sans-serif; font-size:
15px; font-style: normal; font-variant-ligatures: normal;
font-variant-caps: normal; font-weight: normal; letter-spacing:
normal; orphans: 2; text-align: left; text-indent: 0px;
text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); text-decoration-style:
initial; text-decoration-color: initial; display: inline
!important; float: none;">with kind regards,</span></p>
<p><span style="color: rgb(36, 39, 41); font-family: Arial,
"Helvetica Neue", Helvetica, sans-serif; font-size:
15px; font-style: normal; font-variant-ligatures: normal;
font-variant-caps: normal; font-weight: normal; letter-spacing:
normal; orphans: 2; text-align: left; text-indent: 0px;
text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); text-decoration-style:
initial; text-decoration-color: initial; display: inline
!important; float: none;">Maximilian Frank<br>
</span></p>
</body>
</html>