[tproxy] TProxy implementation.

mobyduke@dreamintek.com
Thu, 6 Nov 2003 23:21:11 +0900


Hello.

I'm trying to make a transparent proxy for controlling HTTP access to a web server.
Everything was implemented in kernel 2.4.19 except iptables.
So I replaced set_sockopt with tcp_setsockopt, sock with sk, and
copy_from/to_user with memcpy.

Before sk->prot->connect (= tcp_v4_connect) to the server, I set up tproxy like
below:

	/* itp points to a struct in_tproxy; client and server are the two sockets */
	memset(itp, 0x00, sizeof(struct in_tproxy));
	/* foreign address = the client's address, foreign port = any */
	memcpy(&(itp->itp_faddr.s_addr), &(client->sk->daddr), sizeof(struct in_addr));
	itp->itp_fport = 0;
	/* server-side socket receives on the address the client connected to */
	memcpy(&(server->sk->rcv_saddr), &(client->sk->saddr), sizeof(struct in_addr));

	/* assign the foreign address, then mark the socket for a tproxy connect */
	tperr = sk->prot->setsockopt(sk, SOL_IP, IP_TPROXY_ASSIGN, (char *)itp,
				     sizeof(struct in_tproxy));
	flags = ITP_CONNECT;
	tperr = sk->prot->setsockopt(sk, SOL_IP, IP_TPROXY_FLAGS, (char *)&flags,
				     sizeof(int));

And after tcp_close, I unset tproxy like below:

	/* release the foreign address assigned above */
	tperr = sk->prot->setsockopt(sk, SOL_IP, IP_TPROXY_UNASSIGN, NULL, 0);

And configured iptables:

	iptables -t tproxy -A PREROUTING -p tcp -d 10.1.1.10 --dport 80 -j TPROXY --on-port 80


I configured my transparent proxy box with a Layer-4 switch.
Just after starting, tproxy works fine.
A few minutes later, tproxy irregularly sends packets with another connection's
foreign address to the destination host.
But the client receives the response correctly.
When that appeared, my reverse proxy box had over 8000 established TCP
connections, and the hash table size was the same as the number of server connections.

Am I missing something, or doing something wrong?
Thanks.