[tproxy] !!Socket getting set to NULL in TPROXY for SCTP

maria isabel marifran.isabel0 at gmail.com
Mon May 9 11:24:10 CEST 2011

   I am able to obtain a socket reference by doing a socket look-up in the
xt_socket module. After this, somehow the following code gets hit:

  if (wildcard || !transparent){
                printk(KERN_INFO "Inside not transparent or wildcard
                        sk = NULL;
   I am sure the socket is transparent so I am assuming it satisfies the
wildcard case here.

socket match: proto 132 0aff0d8c:40480 -> 0aff0d9e:3127 (orig 0aff0d9e:3127)
sock (null)

   sk gets set to null. Can you please tell me how to resolve this?
   What is the flow of the TPROXY module? My understanding is as follows:
   -When a packet comes, it first hits xt_socket
   -When this fails, it hits xt_TPROXY
   I am able to get this trace from xt_TPROXY when I specify a port number
in the TPROXY rule.

iptables -t mangle -A PREROUTING -p sctp -i bond0.110 --dport 1500 -j TPROXY --tproxy-mark 1 --on-port 3127

I get this trace

redirecting: proto 132 0aff0d9e:1500 -> 00000000:3128, mark: 1

But this never comes when I make the rule

iptables -t mangle -A PREROUTING -p sctp -i bond0.110 --dport 0 -j TPROXY --tproxy-mark 1 --on-port 3127

Can someone please explain this to me? For TCP I am able to successfully get a
socket reference

socket match: proto 6 0a8e8ea6:4576 -> 0aff0d9e:22 (orig 0aff0d9e:22) sock *

For SCTP my design is as follows
-I do the lookup and store the TPROXY port number in skb->cb and redirect
the packet
-Once the packet reaches the sctp module I redo the lookup with the TPROXY
port so I get a valid association/endpoint and the global structures
required by the sctp module are filled.

I get this error also sporadically
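
Added example, not part of the original post: a decoder for the xt_socket and xt_TPROXY debug traces quoted above, turning the hex addresses and protocol numbers into readable endpoints and flagging lookups that ended with no socket. It assumes the addresses are printed as big-endian 32-bit hex and the mark as hex; the field names (`src`, `dst`, `orig_dst`, `redirect_to`) are this example's own labels.

```python
import ipaddress
import re

PROTO_NAMES = {6: "tcp", 17: "udp", 132: "sctp"}  # IANA protocol numbers

# Trace lines copied from the post (wrapped lines joined).
SAMPLE = [
    "socket match: proto 132 0aff0d8c:40480 -> 0aff0d9e:3127 (orig 0aff0d9e:3127) sock (null)",
    "redirecting: proto 132 0aff0d9e:1500 -> 00000000:3128, mark: 1",
    "socket match: proto 6 0a8e8ea6:4576 -> 0aff0d9e:22 (orig 0aff0d9e:22) sock *",
]

EP = r"([0-9a-f]{8}):(\d+)"
MATCH_RE = re.compile(rf"socket match: proto (\d+) {EP} -> {EP} \(orig {EP}\) sock (\S+)")
REDIR_RE = re.compile(rf"redirecting: proto (\d+) {EP} -> {EP}, mark: ([0-9a-f]+)")

def endpoint(hex_addr, port):
    # Assumption: the 8 hex digits are the IPv4 address as a big-endian integer.
    return f"{ipaddress.IPv4Address(int(hex_addr, 16))}:{port}"

def proto_name(number):
    return PROTO_NAMES.get(int(number), f"proto-{number}")

def decode(line):
    """Return a dict describing one trace line, or None if it is not a trace."""
    m = MATCH_RE.search(line)
    if m:
        proto, sa, sp, da, dp, oa, op, sock = m.groups()
        return {"event": "socket_match", "proto": proto_name(proto),
                "src": endpoint(sa, sp), "dst": endpoint(da, dp),
                "orig_dst": endpoint(oa, op),
                # "(null)" is how printk renders a NULL pointer: no socket kept.
                "socket_found": sock != "(null)"}
    m = REDIR_RE.search(line)
    if m:
        proto, da, dp, ta, tp, mark = m.groups()
        return {"event": "redirect", "proto": proto_name(proto),
                "dst": endpoint(da, dp), "redirect_to": endpoint(ta, tp),
                "mark": int(mark, 16)}  # assumption: mark is printed in hex
    return None

def unmatched_lookups(lines):
    """Socket lookups that ended with sk == NULL, the case the post asks about."""
    events = (decode(l) for l in lines)
    return [e for e in events if e and e["event"] == "socket_match" and not e["socket_found"]]

if __name__ == "__main__":
    for line in SAMPLE:
        print(decode(line))
```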
