Netty proxy using IP_TRANSPARENT (a.k.a TPROXY)

Rogan Dawes

May 31, 2017, 3:14:44 AM
to Netty discussions
Hi folks,

Has anyone implemented Linux IP_TRANSPARENT support in netty? This allows a Proxy to receive intercepted/redirected connections on a local socket, and extract the originally requested address from the socket, so that it can make an outbound connection to that address.

There is a nice article here describing how to do it for NIO and OIO connections: https://www.grahamedgecombe.com/blog/2013/12/29/linux-tproxy-server-in-java

I guess if it were to be contributed to Netty, it should be a new module along the lines of the RXTX support?

Rogan

Norman Maurer

May 31, 2017, 5:42:16 AM
to ne...@googlegroups.com, Rogan Dawes
I don’t think so… That said, maybe you could “hack” the epoll transport to add support?

Rogan Dawes

May 31, 2017, 5:43:06 AM
to Norman Maurer, ne...@googlegroups.com
Ok, I'll check it out. Thanks for the pointer!

Rogan Dawes

May 31, 2017, 6:26:15 AM
to Norman Maurer, ne...@googlegroups.com
So it looks like *almost* everything that is required is there already. The only thing needed is to actually be able to set the IP_TRANSPARENT socket option:
if(setsockopt(listen_fd, SOL_IP, IP_TRANSPARENT, &yes, sizeof(yes)) == -1) {...}

So, if I implemented the following method in src/main/c/io_netty_channel_epoll_Native.c:

JNIEXPORT void JNICALL Java_io_netty_channel_epoll_Native_setIpTransparent(JNIEnv* env, jclass clazz, jint fd, jint optval) {
    setOption(env, fd, SOL_IP, IP_TRANSPARENT, &optval, sizeof(optval));
}

and the corresponding method and Channel Option on the Java side, it should just work. Fortunately, localAddress0() already exists to get the address that the socket thinks it is connected to!

I'm happy to take suggestions on what the method and option should be called, though.

Regards,

Rogan
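
The two steps discussed in this thread, setting IP_TRANSPARENT on the listening socket and reading the originally requested address from the accepted socket, shown as a plain C example added here; it is not code from the thread or from Netty. The function names `tproxy_listen` and `original_dst` are hypothetical, and the option fails closed when the process lacks CAP_NET_ADMIN.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
#endif
#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19 /* value from linux/in.h */
#endif

/* Hypothetical helper: create a listening TCP socket on `port`.
 * With want_transparent set, IP_TRANSPARENT is requested before bind();
 * the kernel refuses it (EPERM) unless the process has CAP_NET_ADMIN.
 * Returns the fd, or -1 with errno preserved; no half-configured socket leaks. */
int tproxy_listen(uint16_t port, int want_transparent)
{
    int yes = 1;
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd == -1) return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)) == -1 ||
        (want_transparent &&
         setsockopt(fd, SOL_IP, IP_TRANSPARENT, &yes, sizeof(yes)) == -1) ||
        bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1 ||
        listen(fd, 16) == -1) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Hypothetical helper: on an accepted socket, getsockname() returns the
 * address the client dialled. For an intercepted connection on a transparent
 * listener that is the original destination the proxy should connect to. */
int original_dst(int conn_fd, char *ip, size_t iplen, uint16_t *port)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    if (getsockname(conn_fd, (struct sockaddr *)&sa, &len) == -1) return -1;
    if (sa.sin_family != AF_INET) return -1;
    if (!inet_ntop(AF_INET, &sa.sin_addr, ip, iplen)) return -1;
    *port = ntohs(sa.sin_port);
    return 0;
}
```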