Article delegate-en/4472 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] NAT odst available to scripts on DeleGate
28 May 2009 02:31:06 GMT Guilherme Vênere <pniiqbdyi-fjxi26avzhtr.ml@ml.delegate.org>


Hello Mr Yutaka,

Thank you for your reply to my inquiry about SERVER=exec parameter. It
worked as expected.

I'm afraid I need to bother you a little more. As I explained before,
I'm trying to use DeleGate as a generic proxy on a machine I'm
configuring to study malware behaviour. As such, I'm redirecting all
traffic to any external IP to my gateway address, where I receive the
connection with DeleGate. I'm using NAT with iptables on Linux to do
the redirection.

But when DeleGate runs my script (with XCOM=script.pl or
XFIL=script.pl) I want to have access to the original IP:PORT. I
thought the best way to have access to those values would be by
environment variables, so I looked at src/filter.c, and found the code
where you create the variables, and tried to add the following code
there:

static void addConnEnviron(Connection *Conn)
...
	serv = DST_HOST;
	sprintf(env,"SERVER_HOST=%s",serv); putenv(stralloc(env));

+	/* ORIG_DST */
+	sprintf(env,"ORIG_DST1=%s",Origdst_Host); putenv(stralloc(env));

+	/* ORIG_PORT */
+	sprintf(env,"ORIG_PORT1=%d",Origdst_Port); putenv(stralloc(env));

	if( addr = gethostaddr(serv) )
...
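
Review bot: missing check on the two added lines: Origdst_Host and Origdst_Port are exported unconditionally, so when they hold no value for this connection the script gets empty ORIG_DST1 / ORIG_PORT1 variables and cannot tell that apart from a real destination. Guard the export on a non-empty host and a port greater than 0, and skip the variables otherwise. Both lines also sprintf into env with an unbounded %s, so a length-limited format would be safer for the host string. The comments say ORIG_DST and ORIG_PORT while the exported names are ORIG_DST1 and ORIG_PORT1; make them agree.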

It creates the variables but they are empty. I'm pretty sure there is
something else I need to do to make this work, but I can't figure it
out. Would it be too much to ask for help doing that? What should I do
to have the original IP:PORT before the NAT translation available to
my scripts?

Thank you in advance, please feel free to say no if I'm asking too much :)

Regards,

Guilherme
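
Added example, not part of the original post and not DeleGate code: on Linux, a proxy that receives connections through an iptables NAT redirect can ask the kernel for the pre-NAT destination of an accepted TCP socket with getsockopt(SO_ORIGINAL_DST) and export it before running a script. The function names and the ORIG_DST_HOST / ORIG_DST_PORT variable names are assumptions chosen here, and the code handles IPv4 only.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80   /* same value as in <linux/netfilter_ipv4.h> */
#endif

/* Ask conntrack for the pre-NAT destination of an accepted TCP socket.
 * Returns 0 on success, -1 on failure (bad fd, or connection was not NATed). */
int orig_dst_lookup(int fd, struct sockaddr_in *out)
{
    socklen_t len = sizeof(*out);
    memset(out, 0, sizeof(*out));
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, out, &len) != 0)
        return -1;               /* IPPROTO_IP is the same level as SOL_IP */
    return out->sin_family == AF_INET ? 0 : -1;
}

/* Export an address as ORIG_DST_HOST / ORIG_DST_PORT (hypothetical names). */
int orig_dst_export(const struct sockaddr_in *dst)
{
    char host[INET_ADDRSTRLEN], port[8];
    if (inet_ntop(AF_INET, &dst->sin_addr, host, sizeof(host)) == NULL)
        return -1;
    snprintf(port, sizeof(port), "%u", (unsigned)ntohs(dst->sin_port));
    return setenv("ORIG_DST_HOST", host, 1) == 0 &&
           setenv("ORIG_DST_PORT", port, 1) == 0 ? 0 : -1;
}

/* Call after accept() and before exec'ing the script. On failure the
 * variables are cleared so the script never sees empty or stale values. */
int orig_dst_to_env(int fd)
{
    struct sockaddr_in dst;
    if (orig_dst_lookup(fd, &dst) == 0)
        return orig_dst_export(&dst);
    unsetenv("ORIG_DST_HOST");
    unsetenv("ORIG_DST_PORT");
    return -1;
}

int main(void)
{
    /* Constructed sample address (documentation range), not a real capture. */
    struct sockaddr_in demo = { .sin_family = AF_INET, .sin_port = htons(6667) };
    inet_pton(AF_INET, "203.0.113.7", &demo.sin_addr);
    if (orig_dst_export(&demo) == 0)
        printf("%s:%s\n", getenv("ORIG_DST_HOST"), getenv("ORIG_DST_PORT"));
    return 0;
}
```

The lookup only succeeds on the socket returned by accept() for a connection that passed through the NAT rule; on any other descriptor it fails and the variables stay unset.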
