netfilter-devel.vger.kernel.org archive mirror
From: Aviad Lahav <aviad.lahav@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: Netfilter injects network headers
Date: Wed, 9 Dec 2009 18:50:32 +0200
Message-ID: <85ce6a220912090850n2bc9827sfd90a82e7be6b587@mail.gmail.com>

Hi all,
I've posted this to the netfilter-users but got no response, hope I
can get more help here.


I'm trying to set up an SSL transparent proxy, and I've seen very
bizarre behavior on my system.
I've added two NAT rules to the PREROUTING chain, looking like this:

# iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 561 packets, 70236 bytes)
 pkts bytes target     prot opt in     out     source               destination
   20  1280 REDIRECT   tcp  --  ppp0   any     anywhere             anywhere            tcp dpt:4309 redir ports 4443
    8   512 REDIRECT   tcp  --  ppp0   any     anywhere             anywhere            tcp dpt:https redir ports 4443

So I've got a listener on port 4443, accepting connections from both
ports 443 and 4309.
When I'm doing the first recv() in my accepting server, I get the
incoming connections to port 443 very well, BUT:
Incoming connections to port 4309 get *3 extra bytes* at the
beginning of the connection (maybe also in subsequent packets, but I
haven't had the chance to see this data yet...)

The first 3 bytes I'm getting are:
0x00 0x01 0x05

My machine is an up-to-date Ubuntu 9.10 (karmic), and the packets are
coming from a client connected thru pptpd.
Does anyone have a clue?
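
A diagnostic for the setup described in this message, added here as an example and not part of the original post: a listener on the redirect port (4443) that asks conntrack, via SO_ORIGINAL_DST, which destination the client originally dialled and logs it next to a hex dump of the first bytes received, so connections redirected from 4309 and from 443 can be compared. The function names and the constructed sample values used to exercise it are assumptions of this example.

```python
import socket
import struct

SO_ORIGINAL_DST = 80  # from <linux/netfilter_ipv4.h>; not exported by Python's socket module
LISTEN_PORT = 4443    # the "redir ports" target in the rules above


def parse_sockaddr_in(raw):
    """Decode the struct sockaddr_in that SO_ORIGINAL_DST returns."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    # 2 bytes family (skipped), 2 bytes port and 4 bytes address in network order
    port, addr = struct.unpack_from("!2xH4s", raw)
    return socket.inet_ntoa(addr), port


def original_dst(conn):
    """Return (ip, port) as dialled before REDIRECT rewrote it, or None."""
    try:
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    except OSError:
        return None  # no conntrack entry for this socket (e.g. conntrack not loaded)
    return parse_sockaddr_in(raw)


def describe(first_bytes, dst):
    """One log line: original destination plus a hex dump of the first bytes."""
    where = "%s:%d" % dst if dst else "unknown"
    return "orig_dst=%s first=%s" % (where, first_bytes[:8].hex(" "))


def serve_once(port=LISTEN_PORT):
    """Accept one connection and report what arrived first on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", port))
        srv.listen(1)
        conn, _ = srv.accept()
        with conn:
            return describe(conn.recv(64), original_dst(conn))


if __name__ == "__main__":
    print(serve_once())
```

Running a packet capture on ppp0 alongside this shows whether the same leading bytes are already present on the wire before the REDIRECT rule is applied.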
