Hi,

I found some time to get back to my transparent proxy support for Netfilter.
I posted a patch about 2 months ago which implemented a TPROXY target in its
own tproxy table, which was able to redirect TCP sessions to a local socket
but was missing a way to query this address.

At the developers' workshop I agreed with Rusty that the destination address
should be stored associated with the socket as soon as the connection is
established. So here's how it would work:

- TPROXY target redirects a session

- the original destination address/port number is stored in the IPCB() part
  of the skb

- as soon as the socket is created this address/port number is copied into
  sk->tp_pinfo.af_tcp (struct tcp_opt). This would happen in tcp_v4_hnd_req()

- this information is queried by the application using a getsockopt call to
  fetch the original destination address; the getsockopt can be implemented
  by registering an nf_sockopt_ops

I'd like to have the core members' advice: is this a good way? Harald?

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
