[tproxy] ICMP and tproxy

Javier Govea javier@magma.ca
Thu, 25 Nov 2004 17:56:51 -0500 (EST) 

Hi,

Thank you for your prompt response. I was planning to use raw sockets from the begining.
But I got a little problem. This is my setup:

Client ----------- Proxy --------- Server

If I run a raw socket server in my Proxy box and I ping the Proxy from my Client, then my
raw socket server can get all the pings. But if I ping the Server from my Client, then my
my raw server in the Proxy does not capture anything, because (I'm guessing) it is not
inteded for the Proxy box. So, somehow I need to pass that ping to my raw server. I cannot
use tproxy and the iptables REDIRECT target because REDIRECT requires a port number, and
there are no ports for ICMP packets. So, is there any alternative solution? Am I missing
something?

Below is the code I am using for my raw server.

Thanks in advance.
Xavier

int main()
{
  int sockfd;

  if ((sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0) {
    perror("Socket:");
    return -1;
  }

  struct sockaddr_in srcaddr;
  socklen_t srclen = sizeof(struct sockaddr_in);
  unsigned char buffer [2000];
  int len = 2000;
  int bytes;

  struct icmphdr *icmphdr;
  
  while(1) {
    printf ("Waiting for pings...\n");

    if ( (bytes = recvfrom(sockfd, buffer, len, 0, (struct sockaddr *)&srcaddr, &srclen)) < 0)
      perror("rcvfrom");
    else {
      icmphdr = (struct icmphdr *)(buffer + sizeof(struct iphdr));

      printf ("Received %d bytes from %s:%d ICMP header: type %d code %d seq %d id %d\n",
               bytes, inet_ntoa(srcaddr.sin_addr), ntohs(srcaddr.sin_port),
               icmphdr->type, icmphdr->code, ntohs(icmphdr->un.echo.sequence),
ntohs(icmphdr->un.echo.id) );
    }  
    
  }

  return 1;
}

ICMP is not currently supported by TProxy directly. However you can
use raw sockets to achieve the same result.

On Wed, 2004-11-24 at 23:53, Javier Govea wrote:
> Hi,
> 
> I am writing an proxy for different appliacations. So, far it's working with UDP and TCP.
> All packets arriving at my proxy machine are redirected, with iptables, to the the proxy
> server, which extracts the final destination of each packet. For the UDP case I am using a
> tproxy rule to forward all traffic to the proxy server. The proxy server is using
> something similar to redirect-udp-recv.c to exctract final destinations.
> 
> Now, I need my proxy to support pings and thus ICMP packets. Can use the tproxy to forward
> ICMP packets to my proxy??? and to extract final destination similar to
> redirect-udp-recv.c??? If this is not possible, is there any alternative?
> 
> Thanks in advance
> Xavier
> 
> 
> _______________________________________________
> tproxy mailing list
> tproxy@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy
-- 
Bazsi