getsockopt with SO_ORIGINAL_DST failed with ENOENT

[Seems the same mail I sent yesterday had some formatting error, so I'm
sending it again. Sorry for the spam...]

Hi everyone,

I'm new to iptables and recently ran into a problem when trying to get the
original IP address with getsockopt.

I'm using iptables 1.3.3 on Linux 2.6. Here's the rule:
iptables -t nat -A OUTPUT -m owner  --uid-owner <my_user_name>  -p tcp
-d 10.0.0.0/8 -j REDIRECT --to-port 9000

It will redirect all TCP packets to my proxy process listening on port
9000, and my proxy handles the real connection with the outside world.
Here's the code snippet from my proxy app that gets the original destination address:

#include <cerrno>
#include <cstring>
#include <iostream>
#include <netinet/in.h>
#include <sys/socket.h>
#include <linux/netfilter_ipv4.h>   // SO_ORIGINAL_DST

// Fill addr with the pre-REDIRECT destination of the accepted socket fd.
bool get_original_dst(int fd, struct sockaddr_in& addr) {
  socklen_t addr_sz = sizeof(addr);
  memset(&addr, 0, addr_sz);
  addr.sin_family = AF_INET;

  if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, &addr, &addr_sz) != 0) {
    int err = errno;   // save it before any other call can clobber it
    std::cerr << "Couldn't read SO_ORIGINAL_DST from socket " << fd
              << " Detail: " << strerror(err) << std::endl;
    return false;
  }
  return true;
}

For most connections this works well, but it randomly returns -1 with
errno ENOENT: "No such file or directory"...
I have no idea why or under which conditions this happens. Could
anyone enlighten me?

Thanks in advance!
--
Best Regards!
Kai Wang
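The failure mode in the post, as an added example that is not part of the original message: a C wrapper around SO_ORIGINAL_DST that treats ENOENT (the kernel found no conntrack entry for the connection) and ENOPROTOOPT as "not redirected", falls back to getsockname(), and reports which path it took so a proxy can log or refuse connections that did not arrive through the REDIRECT rule instead of proxying them blindly. The enum and function names are my own, and the self-check uses a plain loopback connection, so no REDIRECT is in the path.

```c
/* Added example, not the poster's code.  SO_ORIGINAL_DST is 80 in <linux/netfilter_ipv4.h>. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80
#endif

enum origdst_source { ORIGDST_CONNTRACK, ORIGDST_LOCAL, ORIGDST_ERROR };

/* CONNTRACK: *dst is what the client really dialled.  LOCAL: the lookup failed
 * with ENOENT (kernel found no conntrack entry for this connection) or
 * ENOPROTOOPT (no conntrack support), so *dst is the socket's own local address,
 * i.e. the client reached the proxy port directly.  ERROR: anything else. */
enum origdst_source original_dst(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    memset(dst, 0, sizeof(*dst));
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, dst, &len) == 0)
        return ORIGDST_CONNTRACK;
    if (errno != ENOENT && errno != ENOPROTOOPT)
        return ORIGDST_ERROR;
    len = sizeof(*dst);
    return getsockname(fd, (struct sockaddr *)dst, &len) ? ORIGDST_ERROR : ORIGDST_LOCAL;
}

/* Self-check over a plain loopback connection (no REDIRECT in the path): either
 * outcome must equal the listener's own 127.0.0.1:port.  Returns 1 on success. */
int selftest(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) }, dst;
    socklen_t alen = sizeof(a);
    int ls = socket(AF_INET, SOCK_STREAM, 0), cl = socket(AF_INET, SOCK_STREAM, 0);
    if (ls < 0 || cl < 0 || bind(ls, (struct sockaddr *)&a, alen) || listen(ls, 1)
        || getsockname(ls, (struct sockaddr *)&a, &alen)     /* learn the ephemeral port */
        || connect(cl, (struct sockaddr *)&a, alen)) return 0;
    int srv = accept(ls, NULL, NULL);
    enum origdst_source src = original_dst(srv, &dst);
    int ok = src != ORIGDST_ERROR && dst.sin_port == a.sin_port
             && dst.sin_addr.s_addr == a.sin_addr.s_addr;
    printf("%s %s:%u\n", src == ORIGDST_CONNTRACK ? "conntrack" : "fallback",
           inet_ntoa(dst.sin_addr), (unsigned)ntohs(dst.sin_port));
    close(srv); close(cl); close(ls); return ok;
}

int main(void) { return selftest() ? 0 : 1; }
```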