socket.getsockopt() and SO_ORIGINAL_DST

chris

Hi guys,

On netfilter-based NAT systems there is theoretically a possibility to
retrieve the original address *after* NAT'ing a connection. In C, this
can be done as in squid, a transparent HTTP proxy:

http://paste.pocoo.org/show/216495/


I'd like to do the same in Python. So I started with a small script:

import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('', 2626))
s.listen(1)
conn, addr = s.accept()
dst = conn.getsockopt(socket.SOL_IP, socket.SO_ORIGINAL_DST)



Since SO_ORIGINAL_DST is not defined in socket.py, the program fails:
AttributeError: 'module' object has no attribute 'SO_ORIGINAL_DST'

So I thought I'd be smart and look up the constant myself. Indeed, I
found it to be defined in:

/usr/include/linux/netfilter_ipv4.h:75:#define SO_ORIGINAL_DST 80

I replaced the getsockopt() call with

dst = conn.getsockopt(socket.SOL_IP, 80)

and ran into a new problem:

Traceback (most recent call last):
  File "listen.py", line 14, in <module>
    dst = conn.getsockopt(socket.SOL_IP, 80)
  File "<string>", line 1, in getsockopt
socket.error: [Errno 22] Invalid argument


In C, everything works fine. But I really need this problem to be solved
in Python. Do you have any ideas?

Thanks for any support in advance and regards,
Chris

PS: I know there are ugly work-arounds to parse /proc/net/ip_conntrack
to do this job, but I will definitely avoid that.
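
An added example, not part of the original post: called without a buffer length, Python's getsockopt() offers the kernel only an int-sized buffer, which is too small for the struct sockaddr_in that SO_ORIGINAL_DST fills in, hence Errno 22. The sketch below passes a 16-byte length and decodes the result; it assumes Python 3 on Linux with IPv4, and the helper names and the sample bytes are made up for illustration.

```python
import socket
import struct

# Value quoted in the post from /usr/include/linux/netfilter_ipv4.h;
# Python's socket module does not export this constant.
SO_ORIGINAL_DST = 80
SOCKADDR_IN_LEN = 16  # sizeof(struct sockaddr_in) on Linux

# Constructed sample: the bytes the kernel would return for 192.0.2.10:443.
CONSTRUCTED_SAMPLE = (struct.pack("=H", socket.AF_INET)
                      + struct.pack("!H4s", 443, socket.inet_aton("192.0.2.10"))
                      + b"\x00" * 8)


def parse_sockaddr_in(raw):
    """Decode a raw struct sockaddr_in into an (ip, port) tuple."""
    if len(raw) < SOCKADDR_IN_LEN:
        raise ValueError("short sockaddr_in: %d bytes" % len(raw))
    # sin_family is host byte order; sin_port and sin_addr are network order.
    (family,) = struct.unpack_from("=H", raw, 0)
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    port, packed_ip = struct.unpack_from("!H4s", raw, 2)
    return socket.inet_ntoa(packed_ip), port


def original_dst(conn):
    """Return the pre-NAT (ip, port) of an accepted TCP connection."""
    # The third argument asks for a 16-byte buffer and makes getsockopt()
    # return raw bytes; without it only an int-sized buffer is passed.
    raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
    return parse_sockaddr_in(raw)


if __name__ == "__main__":
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("", 2626))  # same port as the script in the post
    s.listen(1)
    conn, addr = s.accept()
    try:
        print("client %s:%d wanted %s:%d" % (addr + original_dst(conn)))
    except (OSError, ValueError) as exc:
        # The call fails when the kernel cannot supply an original destination.
        print("no original destination for %s:%d: %s" % (addr + (exc,)))
    finally:
        conn.close()
        s.close()
```

A transparent proxy that connects onward to the returned address should still apply its own destination policy to it, since the value is whatever the client originally dialled.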
 
