Sounds like a good idea. SO_ORIGINAL_DST should be an integral part
of networking with some hooks for netfilter/nat, and in the long term
the kernel could have the generic register sockopt hooks.
>
> While we're here: right now, SO_ORIGINAL_DST is implemented in the NAT
> part of the netfilter code, using information stored in the (supposedly)
> separate ip_conntrack module. Furthermore, a special check is made
> for the protocol being TCP. I think it would be more intuitive if the
> ip_conntrack module itself were the implementor of SO_ORIGINAL_DST,
> and it would implement it regardless of protocol. Is that feasible?
rusty?
>
> > The old transparent proxy hacks were never documented, nor did glibc
> > ever provide any support for it (it was always required to do pointer
> > hacks with sockaddr_in or declare an own sockaddr_in replacement).
>
> Huh? Could you explain that, maybe in private email? I was under the
> impression that with the old transproxy stuff, an ordinary getsockopt()
> would return "the right thing".
The old transparent proxy returned the original destination address in
the unused part of sockaddr_in in accept for TCP sockets. In case of UDP
it returned it in the sockaddr_in passed from recvmsg per packet. For the
TCP case this should be replaced with SO_ORIGINAL_DST, for UDP sockets
SO_ORIGINAL_DST can be implemented for connected sockets, for the generic
case it is cleanest to replace it with an IP control message that can be
passed in msg->msg_control.
-Andi
-- This is like TV. I don't like TV.
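
The two retrieval paths described in this message, as an added C example that is not part of the original mail and not kernel or glibc code: getsockopt() with SO_ORIGINAL_DST on an accepted TCP socket, and a per-packet IP control message read from msg_control for UDP. The control message type used here, IP_ORIGDSTADDR, is the one later Linux kernels provide and is not named in the mail; the fallback constant values, the function names and the sample address 192.0.2.10:53 are assumptions of this example.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80   /* assumed fallback, as in <linux/netfilter_ipv4.h> */
#endif
#ifndef IP_ORIGDSTADDR
#define IP_ORIGDSTADDR 20    /* assumed fallback, as in <linux/in.h> */
#endif

/* TCP: pre-NAT destination of an accepted socket; -1 if not redirected. */
int tcp_original_dst(int fd, struct sockaddr_in *out)
{
    socklen_t len = sizeof(*out);
    return getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, out, &len);
}

/* UDP: per-packet original destination from recvmsg() ancillary data.
 * Returns 0 on success, -1 if the message is absent or malformed. */
int udp_original_dst(struct msghdr *msg, struct sockaddr_in *out)
{
    struct cmsghdr *c;
    for (c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level != IPPROTO_IP || c->cmsg_type != IP_ORIGDSTADDR)
            continue;
        if (c->cmsg_len < CMSG_LEN(sizeof(*out)))
            return -1;                       /* truncated control message */
        memcpy(out, CMSG_DATA(c), sizeof(*out));
        return out->sin_family == AF_INET ? 0 : -1;
    }
    return -1;
}

/* Constructed sample: control buffer for a datagram sent to 192.0.2.10:53. */
int demo_parse(struct sockaddr_in *out)
{
    union { char buf[CMSG_SPACE(sizeof(struct sockaddr_in))]; struct cmsghdr align; } u;
    struct sockaddr_in orig = { .sin_family = AF_INET, .sin_port = htons(53) };
    struct msghdr msg = { .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    struct cmsghdr *c;
    orig.sin_addr.s_addr = htonl(0xC000020A);    /* 192.0.2.10 */
    memset(u.buf, 0, sizeof(u.buf));
    c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type = IP_ORIGDSTADDR;
    c->cmsg_len = CMSG_LEN(sizeof(orig));
    memcpy(CMSG_DATA(c), &orig, sizeof(orig));
    return udp_original_dst(&msg, out);
}
```

A proxy that receives real traffic would pass the msghdr filled in by recvmsg() to udp_original_dst() and treat a -1 from either function as "not a redirected flow" rather than falling back to an address taken from the payload.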