<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<div class="moz-forward-container">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
Hi,
<p>thanks for the quick reply! OK, then I guess I will have to do
it this way. The race condition should not be that much of a
problem in my case as I run single-threaded and pass all packets
from the main proxy port to the new tproxy port anyway. So I guess
the only thing that could happen is that I check the origdst for
multiple packets, and after the first packet I only forward to my
application logic and do not set up a new socket.</p>
<p>The only real problem I might have is how to decide when to
close the remote tproxy socket, but that's an application logic
problem so I'll figure something out.</p>
<p>Thanks for the help!</p>
<p>regards,</p>
<p>Maximilian Frank</p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 27/06/17 11:49, Scheidler, Balázs
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CANWQT2OB8PaRQjqvYHeeDTyFanjtHWOZQTcka-w_W=kHAeHnnQ@mail.gmail.com">
<div dir="ltr">
<div>
<div>Hi,<br>
<br>
</div>
udp_accept() was not accepted at that point, and I stopped
pushing it. Right now the best option is to fetch the first
packet, find out the original sender and create a new socket
with the matching local/remote endpoints, which would
receive further traffic.<br>
<br>
</div>
There's a race between the reception of the first packet and
the creation of the socket though.<br>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">-- <br>
Bazsi<br>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Mon, Jun 26, 2017 at 5:54 PM,
Maximilian Frank <span dir="ltr"><<a
href="mailto:mail@frank-maximilian.at" target="_blank"
moz-do-not-send="true">mail@frank-maximilian.at</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi List,</p>
<p>not sure if I am in the right place as tproxy is part
of the kernel now, but I am gonna ask here anyway.</p>
<p>I am currently building a Python-based transparent
TCP + UDP proxy. The setup for the proxy would be a
basic MITM, i.e.<br>
<br>
Local Net --> Tproxy Box --> Internet</p>
<p>For TCP I can simply use getsockopt(SO_ORIGINAL_DST)
to get the original destination address and port. This
works for tproxy and normal redirects. With UDP of
course I can't do that. At the moment I am using IP_RECVORIGDST
to get the original udp destination and port. This
works fine apart from the fact that there seems to
be a bug in recent kernels disabling this sockopt. (<a
href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=d36a1cb1e3285ba7eb1bcff5b231b4786deefc5b"
target="_blank" moz-do-not-send="true">https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=d36a1cb1e3285ba7eb1bcff5b231b4786deefc5b</a>)</p>
<p>While researching tproxy I found this mail (<a
href="https://lists.balabit.hu/pipermail/tproxy/2008-November/000996.html"
target="_blank" moz-do-not-send="true">https://lists.balabit.hu/pipermail/tproxy/2008-November/000996.html</a>)
in the thread archive. My question now is: is this udp
accept part of the kernel version of tproxy, or is
there a patch for it out there for newer kernels? I
ask because I feel this approach is a lot cleaner
than me manually creating a new tproxy-enabled
socket. So any info/help is much appreciated.</p>
<p>with kind regards,</p>
<p>Maximilian Frank<br>
</p>
</div>
<br>
_______________________________________________<br>
tproxy mailing list<br>
<a href="mailto:tproxy@lists.balabit.hu"
moz-do-not-send="true">tproxy@lists.balabit.hu</a><br>
<a href="https://lists.balabit.hu/mailman/listinfo/tproxy"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.balabit.hu/mailman/listinfo/tproxy</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
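<p>The approach the thread settles on (receive the first datagram on a shared IP_TRANSPARENT listener with IP_RECVORIGDSTADDR enabled, read the original destination from the ancillary data, then open a per-flow socket bound to that destination and connected to the client so the kernel delivers the rest of the flow there), written out as an added Python example. This is not code from the thread or from the tproxy project. It assumes Linux and Python 3.3+ (for <code>recvmsg</code>), an iptables TPROXY rule pointing at the listener port and CAP_NET_ADMIN for the real sockets; the constants <code>IP_TRANSPARENT</code>, <code>IP_ORIGDSTADDR</code> and <code>IP_RECVORIGDSTADDR</code> are the Linux values, not all of which Python exports. The <code>flow_factory</code> parameter, the <code>dry_run()</code> helper, port 3128 and the 192.0.2.x / 198.51.100.x addresses are my own constructions so the dispatcher logic can be exercised without privileges; <code>dry_run()</code> also shows the race case from the thread, where a second datagram of the same flow reaches the listener before the flow socket took over and is only handed to the application.</p>

```python
"""UDP flow setup for a TPROXY transparent proxy on Linux (added example).

Assumes a matching iptables TPROXY rule and CAP_NET_ADMIN for the real
sockets; the constants below are the Linux values (not all of them are
exported by Python's socket module).
"""
import selectors
import socket
import struct

SOL_IP = getattr(socket, "SOL_IP", 0)
IP_TRANSPARENT = getattr(socket, "IP_TRANSPARENT", 19)
IP_ORIGDSTADDR = 20        # cmsg type carrying the original destination
IP_RECVORIGDSTADDR = 20    # sockopt enabling that cmsg (same number on Linux)


def build_origdst_cmsg(ip, port):
    """Constructed struct sockaddr_in payload, as the kernel would attach it."""
    return (struct.pack("=H", socket.AF_INET) + struct.pack("!H", port)
            + socket.inet_aton(ip) + bytes(8))


def parse_origdst(ancdata):
    """Return (ip, port) from recvmsg() ancillary data, or None if absent."""
    for level, ctype, data in ancdata:
        if level == SOL_IP and ctype == IP_ORIGDSTADDR and len(data) >= 8:
            if struct.unpack_from("=H", data, 0)[0] != socket.AF_INET:
                continue
            return socket.inet_ntoa(data[4:8]), struct.unpack_from("!H", data, 2)[0]
    return None


def make_listener(port):
    """Shared listener: IP_TRANSPARENT accepts redirected datagrams,
    IP_RECVORIGDSTADDR makes each one carry its original destination."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(SOL_IP, IP_TRANSPARENT, 1)
    s.setsockopt(SOL_IP, IP_RECVORIGDSTADDR, 1)
    s.bind(("0.0.0.0", port))
    return s


def open_flow_socket(orig_dst, client):
    """Per-flow socket bound to the (non-local) original destination and
    connected to the client, so the kernel hands it the rest of the flow."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.setsockopt(SOL_IP, IP_TRANSPARENT, 1)
    s.bind(orig_dst)
    s.connect(client)
    return s


class UdpProxy:
    """Single-threaded dispatcher: first packet of a flow arrives on the
    listener, later packets on the per-flow socket."""

    def __init__(self, listener, on_datagram, flow_factory=open_flow_socket):
        self.listener, self.on_datagram = listener, on_datagram
        self.flow_factory = flow_factory      # hypothetical hook for dry runs
        self.flows = {}                       # (client, orig_dst) -> flow socket
        self.sel = selectors.DefaultSelector()
        self.sel.register(listener, selectors.EVENT_READ, None)

    def handle_listener(self, payload, ancdata, client):
        """Datagram on the shared listener. Returns (flow_key, created); created
        is False when the flow already has a socket, i.e. this datagram raced
        the socket creation and is only forwarded to the application."""
        orig_dst = parse_origdst(ancdata)
        if orig_dst is None:
            return None, False
        key, created = (client, orig_dst), False
        if key not in self.flows:
            self.flows[key] = self.flow_factory(orig_dst, client)
            self.sel.register(self.flows[key], selectors.EVENT_READ, key)
            created = True
        self.on_datagram(client, orig_dst, payload)
        return key, created

    def serve_forever(self):
        while True:
            for sk, _ in self.sel.select():
                if sk.data is None:
                    payload, anc, _, client = self.listener.recvmsg(65535, 256)
                    self.handle_listener(payload, anc, client)
                else:
                    client, orig_dst = sk.data
                    self.on_datagram(client, orig_dst, sk.fileobj.recv(65535))

    def close(self):
        self.sel.close()
        for s in list(self.flows.values()) + [self.listener]:
            s.close()


def dry_run():
    """Offline check with constructed data: two datagrams of one flow hit the
    listener before the flow socket exists. Plain unprivileged UDP sockets
    stand in for the TPROXY ones."""
    seen = []
    plain = lambda *_: socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    proxy = UdpProxy(plain(), lambda c, d, p: seen.append((c, d, p)), plain)
    anc = [(SOL_IP, IP_ORIGDSTADDR, build_origdst_cmsg("198.51.100.7", 53))]
    client = ("192.0.2.10", 40000)
    first = proxy.handle_listener(b"q1", anc, client)
    second = proxy.handle_listener(b"q2", anc, client)
    proxy.close()
    return first, second, seen


if __name__ == "__main__":
    UdpProxy(make_listener(3128), print).serve_forever()   # 3128 is a placeholder
```

<p>Run as root behind a TPROXY rule it dispatches real traffic; imported without privileges, <code>dry_run()</code> shows that only the first datagram of a flow creates a socket and that a racing second datagram on the listener is still delivered to the application. Deciding when to close an idle flow socket (the application-logic question raised in the thread) is deliberately left to <code>on_datagram</code>'s owner.</p>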
</body>
</html>