Re: SO_ORIGINAL_DST failed with ENOENT

Hi everyone,

I'm new to iptables and recently ran into a problem when trying to get
the original IP address with getsockopt.

I'm using iptables 1.3.3. Here's the rule:
iptables -t nat -A OUTPUT -m owner  --uid-owner <my_user_name>  -p tcp
-d 10.0.0.0/8 -j REDIRECT --to-port 9000

It redirects all TCP packets to my proxy process listening on
port 9000, and my proxy handles the real connection with the outside
world.
Here's the code snippet from my proxy app that gets the original destination address:

  #include <sys/socket.h>
  #include <netinet/in.h>
  #include <linux/netfilter_ipv4.h>   // SO_ORIGINAL_DST
  #include <cerrno>
  #include <cstring>                  // std::memset, strerror

  struct sockaddr_in addr;
  socklen_t addr_sz = sizeof(addr);

  // Zero the struct before the kernel fills it in.
  std::memset(&addr, 0, addr_sz);
  addr.sin_family = AF_INET;

  // Ask conntrack for the destination the client originally connected to,
  // i.e. the address before the REDIRECT rule rewrote it to port 9000.
  if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, &addr, &addr_sz) != 0) {
    int err = errno;
    LOG << "Couldn't read SO_ORIGINAL_DST from socket " << fd
        << " Detail: " << strerror(err);
    return false;
  }

For most connections this works well, but it randomly fails with an ENOENT
error: "No such file or directory"...  I totally don't know why this
happens. Could anyone enlighten me?

Thanks in advance!


--
Best Regards!

   王凯 Kai Wang
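An added example, not code from the original post, of how a proxy can treat the ENOENT case deliberately: the kernel returns ENOENT from SO_ORIGINAL_DST when it has no conntrack entry for the accepted connection, so the socket cannot have been REDIRECTed by the rule and the proxy should log and drop it instead of treating it as a random error. It assumes Linux with nf_conntrack loaded; the function and enum names are mine.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <linux/netfilter_ipv4.h>   /* SO_ORIGINAL_DST */
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Outcome of the SO_ORIGINAL_DST lookup on an accepted IPv4 TCP socket. */
enum orig_dst {
    ORIG_DST_OK,              /* *out holds the pre-REDIRECT destination      */
    ORIG_DST_NOT_REDIRECTED,  /* ENOENT: no conntrack entry, so not NATed here */
    ORIG_DST_ERROR            /* anything else (EBADF, ENOPROTOOPT, ...), errno set */
};

/* Ask nf_conntrack for the destination the client originally dialled.
 * ENOENT is an expected, distinct outcome rather than a failure: the
 * kernel has no conntrack entry for this connection (e.g. the client
 * connected to port 9000 directly, or the entry has already gone), so
 * there is no original destination to proxy to and the caller should
 * close the socket. */
enum orig_dst get_original_dst(int fd, struct sockaddr_in *out)
{
    socklen_t len = sizeof(*out);
    memset(out, 0, sizeof(*out));
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, out, &len) == 0)
        return ORIG_DST_OK;
    return errno == ENOENT ? ORIG_DST_NOT_REDIRECTED : ORIG_DST_ERROR;
}

/* Render a.b.c.d:port for the log line; returns characters written or -1. */
int format_addr(const struct sockaddr_in *a, char *buf, size_t n)
{
    char ip[INET_ADDRSTRLEN];
    if (!inet_ntop(AF_INET, &a->sin_addr, ip, sizeof ip))
        return -1;
    return snprintf(buf, n, "%s:%u", ip, (unsigned)ntohs(a->sin_port));
}

/* Typical use in the accept loop: proxy only connections with a recovered
 * destination; log and close the rest instead of guessing a target. */
int handle_accepted(int fd, char *log, size_t n)
{
    struct sockaddr_in dst;
    switch (get_original_dst(fd, &dst)) {
    case ORIG_DST_OK:             format_addr(&dst, log, n); return 1;
    case ORIG_DST_NOT_REDIRECTED: snprintf(log, n, "not redirected"); return 0;
    default:                      snprintf(log, n, "error: %s", strerror(errno)); return -1;
    }
}
```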