Hi, I found some time to get back to my transparent proxy support for Netfilter. I posted a patch about 2 months ago which implemented a TPROXY target in its own tproxy table, which was able to redirect TCP sessions to a local socket but was missing a way to query this address.
At the developer's workshop I agreed with Rusty that the destination address should be stored associated with the socket as soon as the connection is established. So here's how it would work:

- TPROXY target redirects a session
- the original destination address/port number is stored in the IPCB() part of the skb
- as soon as the socket is created this address/port number is copied into sk->tp_pinfo.af_tcp (struct tcp_opt). This would happen in tcp_v4_hnd_req()
- this information is queried by the application using a getsockopt call to fetch the original destination address; the getsockopt can be implemented by registering an nf_sockopt_ops

I'd like to have the core members' advice: is this a good way? Harald?

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
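The application side of the query described in the message, as an added example that is not part of the original post or of the patch. The proposed TPROXY option has no name here, so the existing conntrack option SO_ORIGINAL_DST (itself registered through nf_sockopt_ops) stands in for it as an assumption; the helper names and the direct-versus-redirected check are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Assumption: the existing conntrack option (80 in <linux/netfilter_ipv4.h>)
 * stands in for the TPROXY option, which the message does not name. */
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80
#endif

/* Hypothetical helper: fetch the pre-redirect destination of an accepted
 * TCP socket. Returns 0 and fills *dst, or -1 with errno set. */
int get_original_dst(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);

    memset(dst, 0, sizeof(*dst));
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len) < 0)
        return -1;              /* e.g. ENOPROTOOPT: no handler registered */
    if (len != sizeof(*dst) || dst->sin_family != AF_INET) {
        errno = EPROTO;         /* reject a short or non-IPv4 answer */
        return -1;
    }
    return 0;
}

/* Hypothetical check: if the original destination equals the address the
 * socket is bound to, the client connected to the proxy directly. */
int was_redirected(const struct sockaddr_in *local,
                   const struct sockaddr_in *orig)
{
    return local->sin_addr.s_addr != orig->sin_addr.s_addr ||
           local->sin_port != orig->sin_port;
}

int main(void)
{
    struct sockaddr_in orig;

    /* fd 0 is not a redirected TCP socket, so this reports the error path. */
    if (get_original_dst(0, &orig) < 0) {
        perror("get_original_dst");
        return 1;
    }
    printf("original destination %s:%u\n",
           inet_ntoa(orig.sin_addr), (unsigned)ntohs(orig.sin_port));
    return 0;
}
```

A proxy would call `get_original_dst()` on each accepted socket and compare the result with `getsockname()` before opening the upstream connection, so that a connection addressed to the proxy itself is not forwarded back to it.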