[tproxy] FW: tproxy getsockopt call
KOVACS Krisztian
hidden@balabit.hu
Wed, 07 Jul 2004 12:05:47 +0200
Hi,
2004-07-07, sze keltezéssel 07:50-kor Andrew Ivins ezt írta:
> Bit of a low level question, again probably one for Krisztian.
>
> One of our developers is trying to ascertain what the original peer
> addresses are on a tproxy socket. In the code snippet below, he prints
> out the original source and destination addresses. However they are
> always zero.
>
> Does anybody know the correct way of doing this? We are still using
> cttproxy-2.4.25-1.9.3.
>
>
> > Here's the code sample
> >
> > struct in_origaddrs orig;
> > ...
> > ...
> > if ( getsockopt(fd, SOL_IP, IP_ORIGADDRS, &orig, &orig_len) ) {
> > debug(5, 1) ("commConnectStart: Couldn't get original
> > address for fd\n");
> > } else {
> > debug(5, 1) ("commConnectStart: FD = %d\n", fd);
> > debug(5, 1) ("commConnectStart: Original source address
> > is %s\n",
> > inet_ntoa(orig.ioa_srcaddr));
> > debug(5, 1) ("commConnectStart: Original destination
> > address is %s\n",
> > inet_ntoa(orig.ioa_dstaddr));
> > }
If you are using TCP sockets, use the facilities provided by
Netfilter, that is, the SO_ORIGINAL_DST sockopt. For example:
struct sockaddr_in sin;
socklen_t sinlen = sizeof(sin);
if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, &sin, &sinlen) != 0) {
/* handle error */
} else {
/* success, address is in sin */
}
TProxy's original address sockopt is useful for UDP sockets, where
every packet may have different original destination addresses. In this
case, you have to be able to receive all information atomically, with
one system call. So, you have to enable receiving of original address
information with a setsockopt(), and then use recvmsg() to receive the
message. Then, the necessary information should be in the auxiliary
information block of the msghdr structure. But you need this only for
UDP, the TCP case is much more simple.
--
Regards,
Krisztian KOVACS