socket.getsockopt() and SO_ORIGINAL_DST

chris chricki at gmx.net
Fri May 21 02:51:44 EDT 2010


Hi guys,

On netfilter-based NAT systems there is theoretically a possibility to
retrieve the original address *after* NAT'ing a connection. In C, this
can be done as in squid, a transparent HTTP proxy:

  http://paste.pocoo.org/show/216495/


I'd like to do the same in Python. So I started with a small script:

import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('', 2626))
s.listen(1)
conn, addr = s.accept()
dst = conn.getsockopt(socket.SOL_IP, socket.SO_ORIGINAL_DST)



Since SO_ORIGINAL_DST is not defined in socket.py, the program fails:
  AttributeError: 'module' object has no attribute 'SO_ORIGINAL_DST'

So I thought I'd be smart and look up the constant myself. Indeed, I
found it to be defined in:

  /usr/include/linux/netfilter_ipv4.h:75:#define SO_ORIGINAL_DST 80

I replaced the getsockopt() call with

  dst = conn.getsockopt(socket.SOL_IP, 80)

and ran into a new problem:

Traceback (most recent call last):
  File "listen.py", line 14, in <module>
    dst = conn.getsockopt(socket.SOL_IP, 80)
  File "<string>", line 1, in getsockopt
socket.error: [Errno 22] Invalid argument


In C, everything works fine. But I really need this problem to be solved
in Python. Do you have any ideas?

Thanks for any support in advance and regards,
Chris

PS: I know there are ugly work-arounds to parse /proc/net/ip_conntrack
to do this job, but I will definitely avoid that.
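
Added example, not part of the original post: without a buffer-length argument, Python's getsockopt() requests an integer-sized option, and netfilter rejects any buffer smaller than a struct sockaddr_in with EINVAL. The sketch below passes a 16-byte length and decodes the result; the function names and the sample bytes are constructed for illustration, and Python 3 on Linux with IPv4 is assumed.

```python
import errno
import socket
import struct

SO_ORIGINAL_DST = 80      # from linux/netfilter_ipv4.h, as quoted in the post
SOCKADDR_IN_LEN = 16      # sizeof(struct sockaddr_in) on Linux


def parse_sockaddr_in(raw):
    """Decode a packed struct sockaddr_in into an (ip, port) tuple."""
    if len(raw) < SOCKADDR_IN_LEN:
        raise ValueError("short sockaddr_in: %d bytes" % len(raw))
    # sin_family is stored in host byte order.
    (family,) = struct.unpack_from("=H", raw, 0)
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    # sin_port and sin_addr are stored in network byte order.
    port, addr = struct.unpack_from("!H4s", raw, 2)
    return socket.inet_ntoa(addr), port


def get_original_dst(conn):
    """Return the pre-NAT (ip, port) of an accepted TCP connection.

    Returns None when the kernel has no NAT record for the socket
    (connection was not redirected, or conntrack is not loaded).
    """
    try:
        # With a buflen argument getsockopt() returns raw bytes
        # instead of trying to read the option as an int.
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
    except OSError as exc:
        if exc.errno in (errno.ENOENT, errno.ENOPROTOOPT):
            return None
        raise
    return parse_sockaddr_in(raw)


# Constructed sample: what the kernel would return for 192.0.2.10:8080.
SAMPLE = (struct.pack("=H", socket.AF_INET)
          + struct.pack("!H4s", 8080, socket.inet_aton("192.0.2.10"))
          + b"\x00" * 8)

if __name__ == "__main__":
    print(parse_sockaddr_in(SAMPLE))
```

In the listener from the post, `get_original_dst(conn)` would replace the failing getsockopt() line. A transparent proxy that takes the destination from this kernel record does not have to trust a client-supplied Host header.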



