[tproxy] UDP tproxy

KOVACS Krisztian hidden@balabit.hu
Sat, 16 Oct 2004 15:25:00 +0200


Javier Govea wrote:
> I have only one last question, it is just curiosity. redirect-udp-recv.c has the following
> lines of code. 
>   /* check tproxy version */
>   itp.op = TPROXY_VERSION;
>   itp.v.version = 0x02000000;
>   if (setsockopt(sock, SOL_IP, IP_TPROXY, &itp, sizeof(itp)) == -1)
>     {
>       perror("setsockopt(SOL_IP, IP_TPROXY, TPROXY_VERSION)");
>       return -1;
>     }
> Is this part optional? What happen if I set the wrong version? Does it mean that my
> program works only a specific tproxy version?

   Yes, it's optional. It is an illustration on how to detect whether 
the tproxy version in the kernel is compatible with this version of the 
interface. The user-space software requests interface version 2.0.0 
(0x20000000) from the kernel, and the setsockopt fails if the tproxy 
implementation does not support this interface. Note that in spite of 
using setsockopt(), this operation does not set anything, it just barely 
returns if a compatible interface is supported. The same operation with 
getsockopt() simply returns the interface version number.

   Krisztian KOVACS