[tproxy] sctp module patch

maria isabel marifran.isabel0 at gmail.com
Mon Apr 18 10:17:45 CEST 2011


Hello,
   I have attached the sctp patch with the steal socket implementation.But I
have one problem and I need your help.With this change the packet gets
redirected to the TPROXY port but when it reaches the sctp module it gets
dropped and an ABORT chunk is issued.What could be the reason?This does not
happen in tcp and udp.Normal sctp flow is proper on other ports apart from
the TPROXY port.I am able to see this trace.
*
*

*redirecting: proto 132 0aff0d9a:1500 -> 00000000:3127, mark: 1*


**

My rule is

iptables -t mangle -A PREROUTING -p sctp --dport 1500 -j TPROXY --on-port
3127.


Inside the sctp module when the packet is redirected the association lookup
is done with port 1500 and not 3127.

I think the local address is initialised that way or something.Please help
me!!


Regards,

       Maria
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20110418/6ef41773/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sctp.patch
Type: application/octet-stream
Size: 4964 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/tproxy/attachments/20110418/6ef41773/attachment.obj 


More information about the tproxy mailing list