
Re: STARTSSL


Marc SCHAEFER

Apr 30, 2022, 10:27:36 AM
[ Followup-To: fr.comp.lang.perl ]

Marc SCHAEFER <scha...@alphanet.ch> wrote:
> Hmm, actually, if that is not the case, I could possibly use Linux
> port redirection, and then I could determine the original destination
> port with the SO_ORIGINAL_DST option of getsockopt(2), if the
> redirection is done on the same machine.

Here is the corresponding code, for now with quite a bit of hackery,
but it seems to work. Any recommendations for doing it better?

Thanks.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 42563 -j REDIRECT --to-ports 42119

then:

use strict;
use warnings;

use Socket qw(:all);

# hack (from egrep -r 'SOL_IP|SO_ORIGINAL' /usr/include/)
use constant SOL_IP => 0;
use constant SO_ORIGINAL_DST => 80;

use IO::Socket::INET;

# creating a listening socket
my $socket = IO::Socket::INET->new(LocalHost => '0.0.0.0',
                                   LocalPort => '42119',
                                   Proto     => 'tcp',
                                   Listen    => 5,
                                   Reuse     => 1) or
   die "cannot create socket " . $! . "\n";

while (1) {
   # waiting for a new client connection (retry if accept() fails)
   my $client_socket = $socket->accept() or next;

   # get information about a newly connected client
   my $client_address = $client_socket->peerhost();
   my $client_port = $client_socket->peerport();
   print "connection from ", $client_address, ":", $client_port, " OPEN.\n";

   # returns a packed struct sockaddr_in holding the pre-redirection destination
   my $packed_addr = getsockopt($client_socket, SOL_IP, SO_ORIGINAL_DST)
      or die("getsockopt: $!\n");
   #my ($port, $ip_address) = unpack_sockaddr_in($packed_addr);

   # hack: the port is bytes 2 and 3 of the structure, in network byte order
   my $port = ord(substr($packed_addr, 2, 1)) * 256 + ord(substr($packed_addr, 3, 1));

   print "the actual server port (before redirection) is: ", $port, "\n";
   # if 42563, then activate SSL!

   print "connection from ", $client_address, ":", $client_port,
         " CLOSED.\n";
   $client_socket->close();
   exit(0);   # stops after the first connection
}

# not reached while the exit(0) inside the loop is in place
$socket->close();
exit(0);
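
An added example, not part of the original post: one way to decode the SO_ORIGINAL_DST result with a length and address-family check instead of fixed byte offsets, and to choose the connection mode from the recovered port. The helper names, the constructed sample buffers, and the choices to treat port 42119 as plaintext and to reject any other port are assumptions.

```perl
use strict;
use warnings;
use Socket qw(AF_INET inet_aton inet_ntoa pack_sockaddr_in);

# Linux values, the same ones the post takes from /usr/include
use constant SOL_IP          => 0;
use constant SO_ORIGINAL_DST => 80;

# Ports from the post: 42563 is redirected to the listener on 42119.
# Treating a direct connection to 42119 as plaintext is an assumption.
my %MODE_FOR_PORT = (42563 => 'tls', 42119 => 'plain');

# Decode the struct sockaddr_in returned by SO_ORIGINAL_DST:
# family (native u16), port (network-order u16), IPv4 address (4 bytes).
sub parse_original_dst {
    my ($packed) = @_;
    return unless defined $packed && length($packed) >= 8;
    my ($family, $port, $addr) = unpack('S n a4', $packed);
    return unless $family == AF_INET;
    return (inet_ntoa($addr), $port);
}

# Original destination of an accepted socket; empty list if the lookup fails.
sub original_dst {
    my ($sock) = @_;
    my $packed = getsockopt($sock, SOL_IP, SO_ORIGINAL_DST) or return;
    return parse_original_dst($packed);
}

# Fail closed: an unknown or undeterminable port is rejected, never
# silently served in plaintext.
sub mode_for_port {
    my ($port) = @_;
    return 'reject' unless defined $port;
    return $MODE_FOR_PORT{$port} // 'reject';
}

# Constructed sample buffers, so the decoding runs without a netfilter rule.
my @samples = (
    pack_sockaddr_in(42563, inet_aton('192.0.2.10')),  # redirected port
    pack_sockaddr_in(42119, inet_aton('192.0.2.10')),  # direct port
    pack_sockaddr_in(22,    inet_aton('192.0.2.10')),  # unexpected port
    "\x02\x00\xa6",                                    # truncated buffer
);
for my $sample (@samples) {
    my ($ip, $port) = parse_original_dst($sample);
    printf "%-15s %-5s -> %s\n", $ip // '?', $port // '?', mode_for_port($port);
}
```

In the accept loop, `my ($ip, $port) = original_dst($client_socket);` followed by `mode_for_port($port)` would take the place of the byte-offset arithmetic.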
