[tproxy] (no subject)
Jon Nelson
jnelson-tproxy@securepipe.com
Wed, 8 Oct 2003 16:18:00 -0500 (CDT)
Howdy,

I have a few questions about tproxy. I'm using cttproxy-2.4.21-23.

For both questions I am talking about performing non-local binds using
the established procedure:

    bind locally
    setsockopt(ASSIGN)
    setsockopt(LISTEN|CONNECT or'd with ONCE)
    call listen or connect as appropriate.

Problem #1: assume a process has gone through the steps of locally
binding, calling setsockopt(ASSIGN) and setsockopt(LISTEN|ONCE) but has
/not/ called 'listen' on the socket.
If the process ends abruptly, the iptable_tproxy module refuses to
unhash the socket:

    IP_TPROXY_UNASSIGN: not unhashing socket, 0100007f:2080, sr=c083c100,
    proto=6, sk->state=7, sr->flags=10003

The relevant code is near line 868, and I believe the test:

    (sk->state != TCP_LISTEN)

is too specific. In the above sock, the state was TCP_CLOSE.
Should TCP_CLOSE, TCP_CLOSE_WAIT, and/or TCP_CLOSING
be added (I'm inclined to think /just/ TCP_CLOSE)?

Issue #2: assume a machine with 4 interfaces (if you include lo).
Binding locally to any of the 3 non-lo addresses works just fine.
However, why does (the initial local) binding to either 0 (INADDR_ANY)
or 127.0.0.1 not work?
--
What do you call a fish with no eyes? A fsh.
Jon Nelson <jnelson-tproxy@securepipe.com>