Re: Transport protocol agnostic way to multiplex ports and forward metainfo?

Alexander Huemer <alexander.huemer@xxxxx> wrote:
> I am aware of the following mechanisms that allow what I want to do:
> 
> For TCP: Using a REDIRECT rule with a port range and getsockopt with
>          SO_ORIGINAL_DST.
> 
> For UDP: Using a TPROXY rule with a port range and recvmsg, then consume
>          ancillary message that is provided

Use TPROXY.

> For SCTP, DCCP, others: I don't know.

Use TPROXY, and if you need SCTP support, add that.

> So, my question is: Is there a transport protocol agnostic way to
> multiplex ports to an application, enabling the application to know on 
> which port the connection came in?

There is no generic way to do what you want.
The transport protocol might not even have 'ports' (ESP for instance).

TPROXY doesn't mangle the packets so it's enough to use what you get
with accept() or recvfrom.

> I looked into libnetfilter_conntrack, though I am not sure if I can use 
> it reliably for that purpose, since it is not operating on an actual 
> socket AFAICS.

Yes, you also do not need connection tracking for this.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
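The approach the reply recommends, as an added example in C that is not part of this thread or of the netfilter project: because TPROXY steers the packet to a local socket without rewriting its destination, a UDP listener bound with IP_TRANSPARENT and IP_RECVORIGDSTADDR gets the original destination address back as an IP_ORIGDSTADDR ancillary message on recvmsg(), and an accepted TCP connection simply reports it through getsockname(). The socket-setup functions need CAP_NET_ADMIN and a matching tproxy rule, so the self-contained part of the example feeds the cmsg parser a constructed control buffer (192.0.2.10:8080 is an invented value) rather than a real datagram. The constant fallbacks are the Linux values; the function names are this example's own.

```c
/* Added example: recovering the original destination port behind TPROXY.
 * Linux-specific (IP_TRANSPARENT, IP_RECVORIGDSTADDR); the fallback
 * #defines carry the Linux values for headers that lack them. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19      /* Linux value */
#endif
#ifndef IP_RECVORIGDSTADDR
#define IP_RECVORIGDSTADDR 20  /* Linux value */
#endif
#ifndef IP_ORIGDSTADDR
#define IP_ORIGDSTADDR 20      /* same numeric value as IP_RECVORIGDSTADDR on Linux */
#endif

/* Walk the control messages of a received datagram and copy out the
 * original destination if the kernel supplied one.
 * Returns 1 when found, 0 when no IP_ORIGDSTADDR message is present. */
int extract_orig_dst(struct msghdr *msg, struct sockaddr_in *out)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_ORIGDSTADDR &&
            c->cmsg_len >= CMSG_LEN(sizeof(*out))) {
            memcpy(out, CMSG_DATA(c), sizeof(*out));
            return 1;
        }
    }
    return 0;
}

/* UDP socket able to receive TPROXY-steered datagrams on listen_port.
 * Needs CAP_NET_ADMIN and a tproxy rule pointing at this port.
 * Returns the fd or -1; not exercised by the offline self-test. */
int open_tproxy_udp_socket(uint16_t listen_port)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    int one = 1;
    if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0 ||
        setsockopt(fd, IPPROTO_IP, IP_RECVORIGDSTADDR, &one, sizeof(one)) < 0) {
        close(fd);
        return -1;
    }
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(listen_port) };
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    if (bind(fd, (struct sockaddr *)&a, sizeof(a)) < 0) { close(fd); return -1; }
    return fd;
}

/* Receive one datagram; fill peer (sender) and orig (address the sender
 * actually targeted). Returns payload length, or -1 on error or when the
 * control data was truncated (MSG_CTRUNC): a partial cmsg must not be
 * trusted to identify the port. */
ssize_t recv_with_orig_dst(int fd, char *buf, size_t buflen,
                           struct sockaddr_in *peer, struct sockaddr_in *orig)
{
    char cbuf[CMSG_SPACE(sizeof(struct sockaddr_in))];
    struct iovec iov = { .iov_base = buf, .iov_len = buflen };
    struct msghdr msg = { .msg_name = peer, .msg_namelen = sizeof(*peer),
                          .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    return extract_orig_dst(&msg, orig) ? n : -1;
}

/* TCP side: TPROXY leaves the destination untouched, so the accepted
 * socket's local name is the port the client connected to. */
int accepted_orig_port(int conn_fd)
{
    struct sockaddr_in local;
    socklen_t len = sizeof(local);
    if (getsockname(conn_fd, (struct sockaddr *)&local, &len) < 0) return -1;
    return ntohs(local.sin_port);
}

/* Constructed control buffer, shaped as the kernel fills it for a datagram
 * originally sent to 192.0.2.10:8080, so the parser runs unprivileged.
 * Returns the recovered port in host order, or -1. */
int demo_orig_port(void)
{
    union { char buf[CMSG_SPACE(sizeof(struct sockaddr_in))]; struct cmsghdr align; } u;
    struct msghdr msg = { .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type = IP_ORIGDSTADDR;
    c->cmsg_len = CMSG_LEN(sizeof(struct sockaddr_in));
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = htons(8080) };
    inet_pton(AF_INET, "192.0.2.10", &dst.sin_addr);
    memcpy(CMSG_DATA(c), &dst, sizeof(dst));
    struct sockaddr_in got;
    return extract_orig_dst(&msg, &got) ? ntohs(got.sin_port) : -1;
}

/* Datagram with no ancillary data at all: the parser must report 0. */
int demo_missing_cmsg(void)
{
    struct msghdr msg = { 0 };
    struct sockaddr_in got;
    return extract_orig_dst(&msg, &got);
}

int main(void)
{
    printf("constructed datagram was sent to port %d\n", demo_orig_port());
    return 0;
}
```

The MSG_CTRUNC check matters for a multiplexer: if the control buffer is too small the kernel silently drops ancillary data, and a daemon that then falls back to a default port would classify traffic wrongly. As the reply notes, none of this needs conntrack; the socket API already carries the information.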