* How to get access to NAT info from userland
@ 2011-04-02 8:23 Brian G
[not found] ` <AANLkTi=U8KZ_=ckSJ9yrqsTdG=L3tgtzLcDQ58mS=eRM@mail.gmail.com>
0 siblings, 1 reply; 5+ messages in thread
From: Brian G @ 2011-04-02 8:23 UTC (permalink / raw)
To: netfilter-devel
I have a socket, IPv4. It is being transparent proxied to userland via a
REDIRECT NAT target.
Is there any getsocketopt() or any syscall so I can get the REAL
destination address off this socket from userland?
If not, I still need to know the TRUE DESTINATION when using a
transparent proxy so I know where to send to request. What needs to
added to the kernel (e.g. like an iptables TARGET) to get this info.
- Brian G
^ permalink raw reply [flat|nested] 5+ messages in thread[parent not found: <AANLkTi=U8KZ_=ckSJ9yrqsTdG=L3tgtzLcDQ58mS=eRM@mail.gmail.com>]
* Re: How to get access to NAT info from userland [not found] ` <AANLkTi=U8KZ_=ckSJ9yrqsTdG=L3tgtzLcDQ58mS=eRM@mail.gmail.com> @ 2011-04-03 0:07 ` Brian G 2011-04-14 7:03 ` Jan Engelhardt 0 siblings, 1 reply; 5+ messages in thread From: Brian G @ 2011-04-03 0:07 UTC (permalink / raw) To: netfilter-devel On 4/2/2011 6:55 PM, Sam Roberts wrote: > On Sat, Apr 2, 2011 at 1:23 AM, Brian G<unixman83@gmail.com> wrote: >> If not, I still need to know the TRUE DESTINATION when using a transparent >> proxy so I know where to send to request. What needs to added to the kernel >> (e.g. like an iptables TARGET) to get this info. > Does the conntrack -L output have the info you'd like? Probably. Too bad my distro (CentOS) doesn't seem to provide this binary. > Sam Brian ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: How to get access to NAT info from userland 2011-04-03 0:07 ` Brian G @ 2011-04-14 7:03 ` Jan Engelhardt 2011-04-14 7:12 ` Brian G 0 siblings, 1 reply; 5+ messages in thread From: Jan Engelhardt @ 2011-04-14 7:03 UTC (permalink / raw) To: Brian G; +Cc: netfilter-devel On Sunday 2011-04-03 02:07, Brian G wrote: > On 4/2/2011 6:55 PM, Sam Roberts wrote: >> On Sat, Apr 2, 2011 at 1:23 AM, Brian G<unixman83@gmail.com> wrote: >>> If not, I still need to know the TRUE DESTINATION when using a transparent >>> proxy so I know where to send to request. What needs to added to the kernel >>> (e.g. like an iptables TARGET) to get this info. >> Does the conntrack -L output have the info you'd like? > Probably. Too bad my distro (CentOS) doesn't seem to provide this binary. Ye, enterprise distributions have a bad track record for shipping the complete NF suite. Avoid :/ ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: How to get access to NAT info from userland 2011-04-14 7:03 ` Jan Engelhardt @ 2011-04-14 7:12 ` Brian G 2011-04-14 7:18 ` Jan Engelhardt 0 siblings, 1 reply; 5+ messages in thread From: Brian G @ 2011-04-14 7:12 UTC (permalink / raw) To: Jan Engelhardt; +Cc: netfilter-devel On 4/14/2011 2:03 AM, Jan Engelhardt wrote: > On Sunday 2011-04-03 02:07, Brian G wrote: >> On 4/2/2011 6:55 PM, Sam Roberts wrote: >>> On Sat, Apr 2, 2011 at 1:23 AM, Brian G<unixman83@gmail.com> wrote: >>> Does the conntrack -L output have the info you'd like? >> Probably. Too bad my distro (CentOS) doesn't seem to provide this binary. > Ye, enterprise distributions have a bad track record for shipping the > complete NF suite. Avoid :/ TPROXY will work, it should become commonplace by the time IPv6 gets going strong. Someone on stackoverflow answered my question, although he called tproxy a 'hack'. It will work fine so long as it doesn't hinder performance. Brian G. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: How to get access to NAT info from userland 2011-04-14 7:12 ` Brian G @ 2011-04-14 7:18 ` Jan Engelhardt 0 siblings, 0 replies; 5+ messages in thread From: Jan Engelhardt @ 2011-04-14 7:18 UTC (permalink / raw) To: Brian G; +Cc: netfilter-devel On Thursday 2011-04-14 09:12, Brian G wrote: > On 4/14/2011 2:03 AM, Jan Engelhardt wrote: >> On Sunday 2011-04-03 02:07, Brian G wrote: >>> On 4/2/2011 6:55 PM, Sam Roberts wrote: >>>> On Sat, Apr 2, 2011 at 1:23 AM, Brian G<unixman83@gmail.com> wrote: >>>> Does the conntrack -L output have the info you'd like? >>> Probably. Too bad my distro (CentOS) doesn't seem to provide this binary. >> Ye, enterprise distributions have a bad track record for shipping the >> complete NF suite. Avoid :/ > > TPROXY will work, it should become commonplace by the time IPv6 gets going > strong. Someone on stackoverflow answered my question, although he called > tproxy a 'hack'. It will work fine so long as it doesn't hinder performance. Hey, if TPROXY is a hack, so is the entire NAT business in itself! :) ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2011-04-14 7:18 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-04-02 8:23 How to get access to NAT info from userland Brian G
[not found] ` <AANLkTi=U8KZ_=ckSJ9yrqsTdG=L3tgtzLcDQ58mS=eRM@mail.gmail.com>
2011-04-03 0:07 ` Brian G
2011-04-14 7:03 ` Jan Engelhardt
2011-04-14 7:12 ` Brian G
2011-04-14 7:18 ` Jan Engelhardt
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.