[tproxy] Invalid Arguement for setsockopt

KOVACS Krisztian hidden at balabit.hu
Fri Dec 23 11:34:14 CET 2005 

  Hi,

On 2005. December 20. 00.08, Sai Bathina wrote:
> I am seeing that I am getting an Invalid Arguement for setsockopt for
> TPROXY_ASSIGN.
> I have tried this compiling tproxy into the kernel as well as loading
> them as modules.

  First of all, sorry for the delayed answer.

  Obviously, compiling into the kernel and loading as a module should
give exactly the same results.

> This is the code snippet:
>
>   sock = socket(AF_INET, SOCK_STREAM, 0);
>   if (sock == -1)
>     {
>       perror("socket");
>       return -1;
>     }
>
>   /* check tproxy version*/
>   itp.op = TPROXY_VERSION;
>   itp.v.version = 0x02000000;
>   if (setsockopt(sock, SOL_IP, IP_TPROXY, &itp, sizeof(itp)) == -1)
>     {
>       perror("setsockopt(SOL_IP, IP_TPROXY, TPROXY_VERSION)");
>       return -1;
>     }
>
>   /* bind to local address */
>   sin.sin_family = AF_INET;
>   sin.sin_addr.s_addr = INADDR_ANY;
>   //inet_aton(argv[1], &sin.sin_addr);
>   sin.sin_port = htons(9999);
>
>   if (bind(sock, (struct sockaddr *) &sin, sizeof(sin)) == -1)
>     {
>       perror("bind");
>       return -1;
>     }
>
>   listen(sock, 5);
>   clilen = sizeof(cli_addr);
>   newsockfd = accept(sock,(struct sockaddr *) &cli_addr,&clilen);
>   if (newsockfd < 0)
>     error("ERROR on accept");
>
>   printf("Here is the client:
> %s:%i\n",inet_ntoa(cli_addr.sin_addr.s_addr),
> ntohs(cli_addr.sin_port) );

  Ok, no problems up to this point. However, the next few lines are
somewhat problematic.

>   /* assign foreign address */
>   itp.op = TPROXY_ASSIGN;
>
>   memcpy( &itp.v.addr.faddr, &cli_addr.sin_addr, sizeof( struct
> in_addr ) );
>
>   itp.v.addr.fport = cli_addr.sin_port;
>
>   printf("Here is the itp vals for faddr and fport
> %s:%i\n",inet_ntoa(itp.v.addr.faddr), ntohs(itp.v.addr.fport) );
>
>   if (setsockopt(sock, SOL_IP, IP_TPROXY, &itp, sizeof(itp)) == -1)
>     {
>       perror("setsockopt(SOL_IP, IP_TPROXY, TPROXY_ASSIGN)");
>       return -1;
>     }

  Once you've accept()-ed the connection and have a socket, you cannot
do any assignments on the socket because it has the same local endpoint
(IP:port) as the listener socket. By the way, I don't really get what
you're trying to do, so I could probably help you more if you told us
what this piece of the program is supposed to achieve.

-- 
 Regards,
  Krisztian Kovacs

More information about the tproxy mailing list