Article delegate-en/4339 of [1-5169] on the server localhost:119
[Reference:<_A4337@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Few questions about transparent proxy & srcif
08 Jan 2009 17:12:00 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A4337@delegate-en.ML_> on 01/08/09(13:06:23) I wrote:
 | | Q1) I spent some time searching the mail archives, but can't find how
 | |to set up a squid-like transparent proxy (http_port 127.0.0.1:3128
 | |transparent). I'm using FreeBSD; I added such a rule:
 | |ipfw add 2000 fwd 127.0.0.1,3128 tcp from CLIENTIP to any http
 | |On 127.0.0.1:3128 runs delegate, with various variants in config: from
 | |RELAY=vhost to SERVER=http://odst.-:- But I receive any answers: from
 |
 |"odst.-" requires SO_ORIGINAL_DST option of setsockopt() and it is enabled
 |maybe only on Linux.  It is hardcoded as follows in "nbio.c".
...
 |As this code shows, it requires SOL_IP and EOPNOTSUPP to be defined to
 |be enabled.  If that is not the case in FreeBSD, and SO_ORIGINAL_DST is
 |available, you can add the conditions for FreeBSD.
 |Anyway I'll modify the code to automatically detect the availability of
 |SO_ORIGINAL_DST in the next release.

I noticed that maybe FreeBSD does not support SO_ORIGINAL_DST, but
instead (?) it substitutes the result of getsockname() with the
destination host and port.  I feel it unbelievably xxxy ;) because
I don't know how I can get the real getsockname() of self, but anyway
I can cope with it with the enclosed patch.  I confirmed it to work
by the following test:

  XXX.1% sudo ipfw add 1000 fwd 127.0.0.1:9999 tcp from YYY to any 80
  XXX.2% delegated -fv -P9999 SERVER=http://odst.-:-
  YYY.3% sudo route add -host 210.155.199.28 XXX
  YYY.5% telnet www.delegate.org 80
  GET / HTTP/1.0
  Host: www.delegate.org


  ---[XXX.2%]---
  01/09 02:04:05.38 [20656] 0+0: --INITIALIZATION DONE-09010902+0900: 9.9.1-pre7 on Darwin/8.11.0--
  01/09 02:04:05.39 [20656] 0+0: logMMap: 9F0000 1336
  01/09 02:04:05.39 [20656] 0+0: LOG-Socketpair[21,22]
  01/09 02:05:18.24 [20676] 1+0: -- Fork(SequentialServer): 20656 -> 20676
  01/09 02:05:18.28 [20676] 1+1: ##NAT clif/xyz-net.or.jp:80 odst/xyz-net.or.jp:80 clnt/192.168.1.YYY:61989
  01/09 02:05:18.28 [20676] 1+1: (0) accepted [26] -@[192.168.1.YYY]192.168.1.YYY:61989 ##NAT210.155.199.28/xyz-net.or.jp:80 (0.043s)(1)
  01/09 02:05:18.28 [20676] 1+1: ##NAT (3) redirect: 210.155.199.28:80 (odst.-:80)
  01/09 02:05:18.29 [20676] 1+1: ##NAT mapped port 80 <- 80 80 [0](3)
  01/09 02:05:18.36 [20676] 1+1: Proxy: host=192.168.1.YYY; User-Agent: ; DIRECT
  01/09 02:05:18.37 [20676] 1+1: REQUEST - GET /delegate/ HTTP/1.0^M
  01/09 02:05:18.40 [20676] 1+1: PATH> http://www.delegate.org:80!xyz-net.or.jp:80!192.168.1.YYY:61989!anonymous@192.168.1.YYY;1231434318
  01/09 02:05:18.40 [20676] 1+1: REQUEST = [http://www.delegate.org:80/] GET /delegate/ HTTP/1.0^M
  01/09 02:05:18.40 [20676] 1+1: ##NAT forwarding by ORIGDST [210.155.199.28:80] <= [xyz-net.or.jp:80]
  01/09 02:05:18.40 [20676] 1+1: ##NAT mapped port 80 <- 80 80 [0](3)
  01/09 02:05:18.41 [20676] 1+1: ConnectToServer connected [25] {210.155.199.28:80 <- 192.168.1.20:59588} [0.001s]
  01/09 02:05:18.41 [20676] 1+1: willSTLS_SV: ServerFlags=0
  01/09 02:05:18.42 [20676] 1+1: HTTP => (www.delegate.org:80) GET /delegate/ HTTP/1.0^M

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

diff -cr dist/src/delegate9.9.1-pre6/rary/nbio.c ./rary/nbio.c
*** dist/src/delegate9.9.1-pre6/rary/nbio.c	Sun Dec 28 20:33:49 2008
--- ./rary/nbio.c	Fri Jan  9 01:49:14 2009
***************
*** 1571,1576 ****
--- 1571,1579 ----
  	return -1;
  }
  int getorigdst(int sock,struct sockaddr *dst,int *dstlen){
+ 	if( lORIGDST() ){
+ 		return getsockname(sock,dst,dstlen);
+ 	}
  	return -1;
  }
  int getorigsrc(int sock,struct sockaddr *src,int *srclen){
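Review bot: getsockname() takes a socklen_t *, but dstlen is declared int *, so the new `return getsockname(sock,dst,dstlen);` passes an incompatible pointer type wherever socklen_t is not int; change the parameter to socklen_t * or go through a local socklen_t. Also, nothing in getorigdst() records that the address came from getsockname() rather than from SO_ORIGINAL_DST: on a system where the redirect does not rewrite getsockname(), or for a client that connected to the listening port directly, the caller gets the proxy's own address back as the "original destination" and would forward to itself unless it compares the result with its own listener. A comment here naming the BSD/ipfw fwd assumption and pointing at that caller-side check would make the dependency explicit.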
diff -cr dist/src/delegate9.9.1-pre6/src/delegated.c ./src/delegated.c
*** dist/src/delegate9.9.1-pre6/src/delegated.c	Sat Jan  3 22:38:53 2009
--- ./src/delegated.c	Fri Jan  9 01:59:46 2009
***************
*** 3903,3913 ****
--- 3903,3915 ----
  	scan_condargs(Conn);
  
  	if( lORIGDST() ){
+ 		int withORIGINAL_DST();
  		int clsock = getEfd(clSock);
  		IStr(addr,128);
  		if( VA_getodstNAME(clsock,Origdst_VAddr) )
  		if( CLIF_PORT != Origdst_Port
  		 || !streq(CLIF_HOST,Origdst_Host)
+ 		 || !withORIGINAL_DST() /* BSD,MacOSX */
  		){
  			sv1log("##NAT clif/%s:%d odst/%s:%d clnt/%s:%d\n",
  				CLIF_HOST,CLIF_PORT,
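Review bot: the added `|| !withORIGINAL_DST() /* BSD,MacOSX */` makes the ##NAT branch unconditional on BSD/MacOSX once VA_getodstNAME() succeeds, including when Origdst equals CLIF_HOST:CLIF_PORT, which is also exactly what a non-redirected client connecting straight to the listening port looks like when getsockname() is the source of Origdst; such a connection would then be forwarded to the proxy's own address. Consider treating an Origdst that matches one of the daemon's own listening addresses (the -P port) as a direct connection rather than a NAT target. Separately, `int withORIGINAL_DST();` is a block-scope declaration without a prototype; declare it once in a shared header as `int withORIGINAL_DST(void);`.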
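The mechanism this post describes (on BSD/Darwin an ipfw "fwd" rule makes getsockname() on the accepted socket report the client's original destination; on Linux the same information comes from SO_ORIGINAL_DST) and the self-address check that a transparent proxy needs before trusting that value, written up as an added C example. This is not DeleGate code: get_original_dst(), classify_odst(), the ODST_* results and the loopback scenario in main() are constructed for illustration, and SO_ORIGINAL_DST is given its Linux value (80) directly instead of including linux/netfilter_ipv4.h.

```c
/* Added example (not DeleGate code): portable lookup of the original
 * destination of a transparently redirected IPv4 TCP connection, plus
 * the loop guard a proxy needs before forwarding there.
 *
 * Linux:      getsockopt(SO_ORIGINAL_DST) reads netfilter's conntrack entry.
 * BSD/Darwin: with "ipfw add ... fwd ...", getsockname() on the accepted
 *             socket yields the original destination, not the listener.
 * In both cases the result must be compared with the listener's own
 * address: a client that connected to the proxy directly (or a platform
 * that does not rewrite getsockname()) reports the listener itself, and
 * forwarding to it would make the proxy connect to itself. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#ifdef __linux__
#ifndef SOL_IP
#define SOL_IP IPPROTO_IP          /* glibc normally defines SOL_IP as 0 */
#endif
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80         /* value from linux/netfilter_ipv4.h */
#endif
#endif

typedef enum { ODST_UNKNOWN = -1, ODST_REDIRECTED = 0, ODST_SELF = 1 } odst_kind;

/* Build a sockaddr_in from a dotted quad and a host-order port. */
int make_addr(struct sockaddr_in *sa, const char *ip, unsigned short port)
{
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* Fill *dst with the original destination of an accepted socket.
 * Returns 0 on success, -1 with errno set on failure. */
int get_original_dst(int sock, struct sockaddr_in *dst)
{
    socklen_t len = sizeof *dst;
#ifdef __linux__
    if (getsockopt(sock, SOL_IP, SO_ORIGINAL_DST, dst, &len) == 0)
        return 0;
    /* ENOENT here means no conntrack entry, i.e. the connection was not
     * redirected; fall through, and getsockname() reports the listener. */
    len = sizeof *dst;
#endif
    return getsockname(sock, (struct sockaddr *)dst, &len);
}

/* Classify the reported destination relative to the proxy's listener.
 * For a wildcard (0.0.0.0) listener only the port can be compared, so a
 * same-port match is conservatively treated as the proxy itself. */
odst_kind classify_odst(const struct sockaddr_in *listener,
                        const struct sockaddr_in *odst)
{
    if (listener->sin_family != AF_INET || odst->sin_family != AF_INET)
        return ODST_UNKNOWN;
    if (odst->sin_port != listener->sin_port)
        return ODST_REDIRECTED;
    if (listener->sin_addr.s_addr == htonl(INADDR_ANY))
        return ODST_SELF;
    return odst->sin_addr.s_addr == listener->sin_addr.s_addr
           ? ODST_SELF : ODST_REDIRECTED;
}

/* String-argument wrapper (ports in host order) for quick checks. */
int classify_str(const char *listen_ip, unsigned short listen_port,
                 const char *odst_ip, unsigned short odst_port)
{
    struct sockaddr_in l, o;
    if (make_addr(&l, listen_ip, listen_port) < 0 ||
        make_addr(&o, odst_ip, odst_port) < 0)
        return ODST_UNKNOWN;
    return classify_odst(&l, &o);
}

/* Stand-alone demo (constructed scenario): a direct loopback connection
 * to our own listener must come out as ODST_SELF on every platform. */
int main(void)
{
    struct sockaddr_in lst, odst, peer;
    socklen_t len = sizeof lst;
    int ls = socket(AF_INET, SOCK_STREAM, 0), cs, as;
    make_addr(&lst, "127.0.0.1", 0);              /* port 0: kernel picks one */
    if (ls < 0 || bind(ls, (struct sockaddr *)&lst, sizeof lst) < 0 ||
        getsockname(ls, (struct sockaddr *)&lst, &len) < 0 || listen(ls, 1) < 0) {
        perror("listen"); return 1;
    }
    cs = socket(AF_INET, SOCK_STREAM, 0);
    if (cs < 0 || connect(cs, (struct sockaddr *)&lst, sizeof lst) < 0) {
        perror("connect"); return 1;
    }
    len = sizeof peer;
    as = accept(ls, (struct sockaddr *)&peer, &len);
    if (as < 0 || get_original_dst(as, &odst) < 0) { perror("origdst"); return 1; }
    printf("origdst %s:%u -> %s\n", inet_ntoa(odst.sin_addr), ntohs(odst.sin_port),
           classify_odst(&lst, &odst) == ODST_SELF ? "SELF, not redirected"
                                                    : "REDIRECTED");
    close(as); close(cs); close(ls);
    return 0;
}
```

Run as is, the demo prints the listener's own loopback address with "SELF, not redirected", which is the case the patch's `CLIF_PORT != Origdst_Port || !streq(CLIF_HOST,Origdst_Host)` comparison exists to catch; only a connection that actually passed through an ipfw fwd or netfilter REDIRECT rule comes out as ODST_REDIRECTED.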
