[prev in list] [next in list] [prev in thread] [next in thread]
List: tproxy
Subject: Re: [tproxy] Stunnel 4 on linux 2.6.22
From: Laszlo Attila Toth <panther () balabit ! hu>
Date: 2007-09-20 11:21:26
Message-ID: 46F257B6.90004 () balabit ! hu
[Download RAW message or body]
Hello,
The iptables patch requires for set up rules with tproxy match and
target, but for frebind no. Whithout tproxy the IP_FREEBIND works as
before, in tproxy it is only using for indicating sockets that accepts
diverted connections/packets (via TPROXY target).
The IP_FREEBIND sockopt is not related to the EINPROGRESS result, which
indicates that it is a non-blocking socket and a poll for write event is
necassery.
Mike Mattice írta:
> This strace shows my (albeit hacked up) work attempting to get stunnel
> to play with tproxy support.
>
> strace obviously doesn't know how to interpret the IP_FREEBIND passed
> to setsockopt, but other than that, it's not throwing an error there.
> Stunnel uses the EINPROGRESS error as a signal to attempt the next ip
> in the list (if it has one) so it just ends up resetting a perfectly
> good connection every time.
>
> We're using tproxy 4.0.2-2.6.22
>
> Do we _have_ to patch iptables and set up the tproxy stuff there in
> order to do the tproxy freebind stuff?
>
> Thanks...
>
>
> 779 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 8
> 779 fcntl64(8, F_GETFL) = 0x2 (flags O_RDWR)
> 779 fcntl64(8, F_SETFL, O_RDWR|O_NONBLOCK) = 0
> 779 setsockopt(8, SOL_IP, 0xf /* IP_??? */, [1], 4) = 0
> 779 bind(8, {sa_family=AF_INET, sin_port=htons(60413),
> sin_addr=inet_addr("172.16.200.249")}, 16) = 0
> 779 connect(8, {sa_family=AF_INET, sin_port=htons(514),
> sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now
> in progress)
> _______________________________________________
> tproxy mailing list
> tproxy@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy
>
--
Panther
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic