Article delegate-en/4355 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4350@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Few questions about transparent proxy & srcif
26 Jan 2009 07:27:06 GMT Master NoSFeRaTU <peihqbdyi-kvvvzvcv4r3r.ml@ml.delegate.org>


2009/1/23 Yutaka Sato <feedback@delegate.org>:
>  |No, because this function depends on where client come from, but I
>  |want that delegate routes packets ONLY through specified interface.
>
> Thank you.  Maybe this is the first time I recgnized and you mentioned
> clearly about what your requirement is, the most informative information
> for me and difficult to imagine.  It will be more helpful to for me to
> be shown why you need it.
I have multigateway router with connections to different providers, which have
private subnets with equal addresses. These connections are quite instable,
therefore situation often occurs where connection to one provider closed
and all traffic starts to route through different provider, which have
different tariffs and
more important to host which is actually not the requested one. This is not
only useless waste of  bandwidth, but also bombing host with traffic
which did not intend to it.

2009/1/23 Yutaka Sato <feedback@delegate.org>:
> In DeleGate/9.9.2-pre1, I'll change the code as the enclosed patch.
> It introduces a generic prefix in form "_-xxxx.host" for name or address.
> For example, you can use it as follows:
>
>  SRCIF=_-DontRoute.0.0.0.0    ... don't bind SRCIF but set SO_DONTROUTE
>  SRCIF=_-DontRoute.10.1.1.1    ... bind SRCIF (by add) and set SO_DONTROUTE
>  SRCIF=_-DontRoute.host.domain  ... bind SRCIF (by name) and set SO_DONTROUTE
>  SRCIF=_-DontRouteIfBound.10.1.1.1  ... set SO_DONTROUTE if bound successfully
>  SRCIF=_-DontRouteIfNotBound.10.1.1.1  ... set SO_DONTROUTE if not bound
Great, but enclosed patch don't work for me.

SRCIF=_-DontRouteIfNotBound.192.168.77.11

01/26 09:40:02.72 [67219] 1+1: REQUEST = (no-cache)[http://ya.ru:80/]
GET / HTTP/1.1^M
01/26 09:40:02.72 [67219] 1+1:
gethostbyname(_-DontRouteIfNotBound.192.168.77.11) unknown[0.00s]
01/26 09:40:02.72 [67219] 1+1: #### VSA_atosa() NULL ADDR
01/26 09:40:02.72 [67219] 1+1: bind_inet(14,255.255.255.255:0) failed:
ERRNO=49 (not a local port)
01/26 09:40:02.72 [67219] 1+1: [14] source port =
_-DontRouteIfNotBound.192.168.77.11:0 = 0.0.0.0:0
01/26 09:40:02.72 [67219] 1+1: ## connect[14] refused (51)
01/26 09:40:02.72 [67219] 1+1: [14] ConnectToServer connect failed
213.180.204.8:80 [0.00s] errno=51
01/26 09:40:02.72 [67219] 1+1: ERROR: cannot connect to http://ya.ru:80 - -1

With this patch for patch all works fine:
diff -ur delegate9.9.1.orig/src/inets.c delegate9.9.1/src/inets.c
--- delegate9.9.1.orig/src/inets.c      2009-01-26 09:15:39.000000000 +0300
+++ delegate9.9.1/src/inets.c   2009-01-26 09:15:14.000000000 +0300
@@ -2206,13 +2206,13 @@
                return;
        }
        if( *SRCHOST )
-               VSA_atosa(&Vaddr,0,gethostaddr(SRCHOST));
+               VSA_atosa(&Vaddr,0,gethostaddr(stripHostPrefix(SRCHOST)));
        else    VSA_atosa(&Vaddr,0,"0.0.0.0");
        rcode =
        bind_inets(sock,&Vaddr,0,SRCPORT);

        gethostName(sock,AVStr(sockname),"%A:%P");
-       sv1log("[%d] source port = %s:%d = %s\n",sock,SRCHOST,SRCPORT,sockname);
+       sv1log("[%d] source port = %s:%d =
%s\n",sock,stripHostPrefix(SRCHOST),SRCPORT,sockname);

        /*
        if( strheadstrX(SRCHOST,"-dontroute.",0) ){
---
01/26 09:43:23.52 [67421] 1+1: REQUEST - GET http://ya.ru/ HTTP/1.1^M
01/26 09:43:23.53 [67421] 1+1: PATH>
http://ya.ru:80!ganjanetwork.pgnet:3128!nosferatu.pgnet:12006!anonymous@nosferatu.pgnet;1232952203
01/26 09:43:23.53 [67421] 1+1: REQUEST = (no-cache)[http://ya.ru:80/]
GET / HTTP/1.1^M
01/26 09:43:23.53 [67421] 1+1: [14] source port = 192.168.77.11:0 =
192.168.77.11:56729
01/26 09:43:23.57 [67421] 1+1: ConnectToServer connected [14]
{213.180.204.8:80 <- 192.168.77.11:56729} [0.043s]
01/26 09:43:23.57 [67421] 1+1: willSTLS_SV: ServerFlags=0
01/26 09:43:23.57 [67421] 1+1: HTTP => (ya.ru:80) GET / HTTP/1.1^M
01/26 09:43:23.64 [67421] 1+1: #HT11 SERVER ver[HTTP/1.1] conn[close]
01/26 09:43:23.64 [67421] 1+1: HTTP/1.1 200 Content-{Type:text/html
Encoding:[/] Leng:4848} KA:0/0 Server:httpd
01/26 09:43:23.67 [67421] 1+1: #HT11 fputsResponse(leng=0)
01/26 09:43:23.68 [67421] 1+1: ####Gzip [0.002847] - 4848 => 2267 [25=>27]
01/26 09:43:23.68 [67421] 1+1: putMIMEmsg: Content-Length: 4848 ->
2267 (2595 - 328) [gzip]
01/26 09:43:23.68 [67421] 1+1: #CEcl put Content-Encoding:gzip
01/26 09:43:23.68 [67421] 1+1: HTTP transmitted:
247head+4848/4848body=>0txt+0bin->2267/2267, 11i/2o/0f/0.0 ---z-
01/26 09:43:23.68 [67421] 1+1: #HT11 EOF from the server(0.01 0.01)
01/26 09:43:23.68 [67421] 1+1: #HT11 close svsokcs[22,24]

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V