Hello,

I have attached the sctp patch with the steal socket implementation. But I have one problem and I need your help. With this change the packet gets redirected to the TPROXY port but when it reaches the sctp module it gets dropped and an ABORT chunk is issued. What could be the reason? This does not happen in tcp and udp. Normal sctp flow is proper on other ports apart from the TPROXY port. I am able to see this trace.

redirecting: proto 132 0aff0d9a:1500 -> 00000000:3127, mark: 1

My rule is

iptables -t mangle -A PREROUTING -p sctp --dport 1500 -j TPROXY --on-port 3127.

Inside the sctp module when the packet is redirected the association lookup is done with port 1500 and not 3127. I think the local address is initialised that way or something. Please help me!!

Regards,
Maria

Hi,

On Mon, 2011-04-18 at 13:47 +0530, maria isabel wrote:
> I have attached the sctp patch with the steal socket implementation. But I have one problem and I need your help. With this change the packet gets redirected to the TPROXY port but when it reaches the sctp module it gets dropped and an ABORT chunk is issued. What could be the reason? This does not happen in tcp and udp. Normal sctp flow is proper on other ports apart from the TPROXY port. I am able to see this trace.
>
> redirecting: proto 132 0aff0d9a:1500 -> 00000000:3127, mark: 1
>
> My rule is
>
> iptables -t mangle -A PREROUTING -p sctp --dport 1500 -j TPROXY --on-port 3127.
>
> Inside the sctp module when the packet is redirected the association lookup is done with port 1500 and not 3127.
> I think the local address is initialised that way or something. Please help me!!

First of all: I don't really know SCTP, neither the protocol nor the Linux implementation, so everything that follows is highly theoretical and might be completely wrong.

The code in the patch you've attached does not really do anything (apart from leaking a socket reference). The point of the similar code in TCP/UDP is that when the TPROXY target redirects a connection it stores a reference of the socket listening on the redirected address in the skb.

Having had a quick look at your code in your previous mail, you store the socket reference in asoc->base (i.e. the socket belonging to the looked-up endpoint). However, in the SCTP code the lookup doesn't return a socket reference but an SCTP endpoint (or association). So you'd have to find a way to get the SCTP association belonging to skb->sk and modify either the lookup routines in net/sctp/input.c or sctp_rcv() to use that association/endpoint in case skb->sk is set.

--
KOVACS Krisztian
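
The lookup problem discussed in this thread, as an added example that is not part of either message and is not kernel code: a simplified user-space model in which every struct and function name is hypothetical. It assumes a receive path that, when no endpoint matches, answers with ABORT (the behaviour reported in the question), and shows how consulting the socket attached by TPROXY before the header-port lookup changes the outcome.

```c
/* User-space model only: these structs are simplified stand-ins, not the
 * kernel's sk_buff / sctp_endpoint definitions. */
#include <stddef.h>
#include <stdint.h>

struct endpoint { uint16_t bound_port; };             /* a listening SCTP endpoint */
struct sock     { struct endpoint *ep; };             /* a socket owning an endpoint */
struct skb      { uint16_t dport; struct sock *sk; }; /* sk: socket attached by TPROXY */

enum verdict { DELIVER, ABORT_OOTB };

/* Lookup keyed only on the destination port carried in the packet header. */
static struct endpoint *lookup_by_header(struct endpoint *tbl, size_t n,
                                         uint16_t dport)
{
    for (size_t i = 0; i < n; i++)
        if (tbl[i].bound_port == dport)
            return &tbl[i];
    return NULL;
}

/* Receive path; honor_stolen_sk selects whether skb->sk is consulted first. */
enum verdict model_rcv(const struct skb *skb, struct endpoint *tbl, size_t n,
                       int honor_stolen_sk, struct endpoint **out)
{
    struct endpoint *ep = NULL;

    if (honor_stolen_sk && skb->sk && skb->sk->ep)
        ep = skb->sk->ep;                  /* endpoint of the attached socket */
    if (!ep)
        ep = lookup_by_header(tbl, n, skb->dport);
    *out = ep;
    return ep ? DELIVER : ABORT_OOTB;      /* no endpoint: treated as out of the blue */
}

/* Constructed scenario: packet addressed to port 1500, proxy bound to 3127. */
enum verdict scenario(int honor_stolen_sk, uint16_t *matched_port)
{
    struct endpoint tbl[] = { { 3127 } };
    struct sock proxy = { &tbl[0] };
    struct skb pkt = { 1500, &proxy };
    struct endpoint *ep;
    enum verdict v = model_rcv(&pkt, tbl, 1, honor_stolen_sk, &ep);

    *matched_port = ep ? ep->bound_port : 0;
    return v;
}
```
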