[tproxy] I'm having a little trouble binding a tproxy and I might do something wrong.
Eliezer Croitoru
eliezer at ngtech.co.il
Tue Feb 5 02:57:10 CET 2013
On 2/4/2013 5:46 PM, KOVACS Krisztian wrote:
> Yes, but only for local sockets. However, in this case the endpoint
> address is first chosen by the client's TCP stack and then on the
> proxy's TCP stack. The latter does not have a socket bound to the
> address yet, so it will be happy to choose the exact same port.
From the proxy's point of view it's a connection, and it can use a random
port, which the OS will make sure is OK since it actually pairs the
src IP to the dst IP when binding.
I wanted the same as you.
This adds a bit of complexity to the kernel and, by the way, the tproxy
socket is a local socket in the OS's eyes but has another, non-local IP.
You can try it in the real world and see that unless you are working
with specific network protocols and you need to know things about the
src side you won't have any troubles with TPROXY and TCP.
There is too much experience with it, which makes it a fact that it works.
From any application the TPROXY outgoing socket is another FD, so the
dst and src are only important for logging.
What are you working on?
Regards,
Eliezer
--
Eliezer Croitoru
http://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il