[tproxy] TProxy implementation.

KOVACS Krisztian hidden@balabit.hu
Wed, 26 Nov 2003 10:00:52 +0100


   Hi,

   Sorry for the late reply... :(

> Before sk->prot->connect(=tcp_v4_connect) to the server, I set tproxy as
> below:
> 
> memset(itp, 0x00, sizeof(struct in_tproxy));
> memcpy(&(itp->itp_faddr.s_addr), &(client->sk->daddr), sizeof(struct in_addr));
> itp->itp_fport = 0;
> memcpy(&(server->sk->rcv_saddr), &(client->sk->saddr), sizeof(struct in_addr));
> 
> tperr = sk->prot->setsockopt(sk, SOL_IP, IP_TPROXY_ASSIGN, (char *)itp, sizeof(struct in_tproxy));
> flags = ITP_CONNECT;
> tperr = sk->prot->setsockopt(sk, SOL_IP, IP_TPROXY_FLAGS, (char *)&flags, sizeof(int));
> 
> And after tcp_close, I unset tproxy as below:
> 
> tperr = sk->prot->setsockopt(sk, SOL_IP, IP_TPROXY_UNASSIGN, NULL, 0);
> 
> And I configured iptables:
> 
> iptables -t nat -A PREROUTING -p tcp -d 10.1.1.10 --dport 80 -j REDIRECT --to-port 80

   Looks OK.

> I configured my transparent proxy box (it has 1 network interface card) with
> a Layer-4 switch (for Cache-Redirect).
> Just after starting, Tproxy was working fine.
> A few minutes later, Tproxy irregularly sent packets with other's foreign
> address to the destination host.
> But the client received the response exactly.
> When that appeared, my reverse proxy box had 4000 established TCP server
> connections and the hash table size was the same.

   Could you describe your network setup a bit more?

-- 
   Regards,
     Krisztian KOVACS