netfilter-devel.vger.kernel.org archive mirror
* How to get access to NAT info from userland
From: Brian G @ 2011-04-02  8:23 UTC (permalink / raw)
  To: netfilter-devel

I have a socket, IPv4. It is being transparently proxied to userland via a 
REDIRECT NAT target.

Is there any getsocketopt() or any syscall so I can get the REAL 
destination address off this socket from userland?

If not, I still need to know the TRUE DESTINATION when using a 
transparent proxy so I know where to send the request. What needs to be 
added to the kernel (e.g. like an iptables TARGET) to get this info?

  - Brian G


* Re: How to get access to NAT info from userland
From: Brian G @ 2011-04-03  0:07 UTC (permalink / raw)
  To: netfilter-devel

On 4/2/2011 6:55 PM, Sam Roberts wrote:
> On Sat, Apr 2, 2011 at 1:23 AM, Brian G<unixman83@gmail.com>  wrote:
>> If not, I still need to know the TRUE DESTINATION when using a transparent
>> proxy so I know where to send the request. What needs to be added to the kernel
>> (e.g. like an iptables TARGET) to get this info?
> Does the conntrack -L output have the info you'd like?
Probably. Too bad my distro (CentOS) doesn't seem to provide this binary.
> Sam
Brian


* Re: How to get access to NAT info from userland
From: Jan Engelhardt @ 2011-04-14  7:03 UTC (permalink / raw)
  To: Brian G; +Cc: netfilter-devel

On Sunday 2011-04-03 02:07, Brian G wrote:

> On 4/2/2011 6:55 PM, Sam Roberts wrote:
>> On Sat, Apr 2, 2011 at 1:23 AM, Brian G<unixman83@gmail.com>  wrote:
>>> If not, I still need to know the TRUE DESTINATION when using a transparent
>>> proxy so I know where to send the request. What needs to be added to the kernel
>>> (e.g. like an iptables TARGET) to get this info?
>> Does the conntrack -L output have the info you'd like?
> Probably. Too bad my distro (CentOS) doesn't seem to provide this binary.
Ye, enterprise distributions have a bad track record for shipping the 
complete NF suite. Avoid :/


* Re: How to get access to NAT info from userland
From: Brian G @ 2011-04-14  7:12 UTC (permalink / raw)
  To: Jan Engelhardt; +Cc: netfilter-devel

On 4/14/2011 2:03 AM, Jan Engelhardt wrote:
> On Sunday 2011-04-03 02:07, Brian G wrote:
>> On 4/2/2011 6:55 PM, Sam Roberts wrote:
>>> On Sat, Apr 2, 2011 at 1:23 AM, Brian G<unixman83@gmail.com>   wrote:
>>> Does the conntrack -L output have the info you'd like?
>> Probably. Too bad my distro (CentOS) doesn't seem to provide this binary.
> Ye, enterprise distributions have a bad track record for shipping the
> complete NF suite. Avoid :/

TPROXY will work, it should become commonplace by the time IPv6 gets 
going strong. Someone on stackoverflow answered my question, although he 
called tproxy a 'hack'. It will work fine so long as it doesn't hinder 
performance.

Brian G.


* Re: How to get access to NAT info from userland
From: Jan Engelhardt @ 2011-04-14  7:18 UTC (permalink / raw)
  To: Brian G; +Cc: netfilter-devel

On Thursday 2011-04-14 09:12, Brian G wrote:

> On 4/14/2011 2:03 AM, Jan Engelhardt wrote:
>> On Sunday 2011-04-03 02:07, Brian G wrote:
>>> On 4/2/2011 6:55 PM, Sam Roberts wrote:
>>>> On Sat, Apr 2, 2011 at 1:23 AM, Brian G<unixman83@gmail.com>   wrote:
>>>> Does the conntrack -L output have the info you'd like?
>>> Probably. Too bad my distro (CentOS) doesn't seem to provide this binary.
>> Ye, enterprise distributions have a bad track record for shipping the
>> complete NF suite. Avoid :/
>
> TPROXY will work, it should become commonplace by the time IPv6 gets going
> strong. Someone on stackoverflow answered my question, although he called
> tproxy a 'hack'. It will work fine so long as it doesn't hinder performance.

Hey, if TPROXY is a hack, so is the entire NAT business in itself! :)
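
The lookup this thread asks about, as an added example (not code posted by anyone in the thread): on Linux, a TCP connection rewritten by REDIRECT exposes its pre-NAT destination through the `SO_ORIGINAL_DST` socket option, and under TPROXY `getsockname()` on the accepted socket returns it. The function and enum names and the loopback self-check are assumptions made for illustration; IPv4 only.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* value defined in <linux/netfilter_ipv4.h> */
#endif

enum dst_source { DST_FAIL = -1, DST_CONNTRACK, DST_SOCKNAME };

/* REDIRECT/DNAT: conntrack keeps the pre-NAT tuple; SO_ORIGINAL_DST reads it.
 * TPROXY or no NAT: the accepted socket's local address already is the address
 * the client dialed, so getsockname() is the fallback. IPv4 only. */
enum dst_source original_dst(int fd, struct sockaddr_in *out)
{
    socklen_t len = sizeof(*out);
    memset(out, 0, sizeof(*out));
    /* IPPROTO_IP has the same value as SOL_IP on Linux */
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, out, &len) == 0 &&
        out->sin_family == AF_INET)
        return DST_CONNTRACK;
    len = sizeof(*out); /* option failed: no conntrack entry or conntrack not loaded */
    if (getsockname(fd, (struct sockaddr *)out, &len) == 0 &&
        out->sin_family == AF_INET)
        return DST_SOCKNAME;
    return DST_FAIL;
}

/* Constructed check: dial our own loopback listener (no NAT rule). Returns 1
 * if the recovered destination equals the listener address, 0 if not, and
 * -1 if loopback sockets are unavailable. */
int loopback_roundtrip(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET }, dst;
    socklen_t alen = sizeof(a);
    int l = socket(AF_INET, SOCK_STREAM, 0), c = socket(AF_INET, SOCK_STREAM, 0);
    int s = -1, ok = -1;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (l >= 0 && c >= 0 && bind(l, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        listen(l, 1) == 0 && getsockname(l, (struct sockaddr *)&a, &alen) == 0 &&
        connect(c, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        (s = accept(l, NULL, NULL)) >= 0)
        ok = original_dst(s, &dst) != DST_FAIL && dst.sin_port == a.sin_port &&
             dst.sin_addr.s_addr == a.sin_addr.s_addr;
    close(s); close(c); close(l); /* close(-1) is a harmless EBADF */
    return ok;
}

int main(void) { printf("roundtrip=%d\n", loopback_roundtrip()); return 0; }
```

A proxy using this should refuse to forward when the recovered destination is its own listening address, since that means no rule rewrote the connection and forwarding would loop back to itself.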
