get*name() hack?
Rusty Russell
rusty@linuxcare.com.au
Thu, 23 Mar 2000 15:44:35 +1100
In message <Pine.LNX.4.21.0003221701570.24739-100000@ferret.lmh.ox.ac.uk> you write:
> Hi,
>
> A few questions from one mostly scared of the networking
> code:
>
> Does the transproxy getsockname() hack still work under the
> new regime? If not, what do we do these days?
>
> What did the getpeername() hack do?
I meant getsockname(), sorry (where did you read this, so I can fix
it?) Transproxy hacks gone. Yay! See below for example of new
stuff (thanks to Patrick Schaaf).
> What's the new stuff called? Is it just called Netfilter, or
> is it called "iptables, which happens to use the Netfilter
> infrastructure"? Or something else?
`iptables, which happens to use the Netfilter infrastructure'.
Rusty.
================
/* nf_getsockname() - netfilter SO_ORIGINAL_DST variant of getsockopt()
 *
 * Within the new Linux netfilter framework, NAT functionality is cleanly
 * separated from the TCP/IP core processing. In old days, you could easily
 * retrieve the original destination (IP address and port) of a transparently
 * proxied connection by calling the normal getsockname() syscall.
 * With netfilter, getsockname() returns the real local IP address and port.
 * However, the netfilter code gives all TCP sockets a new socket option,
 * SO_ORIGINAL_DST, for retrieval of the original IP/port combination.
 *
 * This file implements a function nf_getsockname(), with the same calling
 * convention as getsockname() itself; it uses SO_ORIGINAL_DST, and if that
 * fails, falls back to using getsockname() itself.
 *
 * Public domain by Patrick Schaaf <bof@bof.de>
 */
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <linux/netfilter_ipv4.h>   /* defines SO_ORIGINAL_DST */

/* salen is socklen_t, the type getsockname()/getsockopt() take for the
 * length argument; the original used int, which current compilers reject. */
int nf_getsockname(int fd, struct sockaddr *sa, socklen_t *salen)
{
    /* SO_ORIGINAL_DST only knows about IPv4 sockets: insist on a
     * sockaddr_in-sized buffer so the kernel cannot overrun it. */
    if (*salen != sizeof(struct sockaddr_in)) {
        errno = EINVAL;
        return -1;
    }
#ifdef SO_ORIGINAL_DST
    /* Ask conntrack for the pre-NAT destination of this connection. */
    if (0 == getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, sa, salen)) {
        return 0;
    }
#endif
    /* Not NATed, or conntrack unavailable: report the real local address. */
    return getsockname(fd, sa, salen);
}
================
--
Hacking time.
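Added example, not from Rusty's mail or from Patrick Schaaf's file: how a transparent proxy would actually use SO_ORIGINAL_DST on an accepted socket, and one check such a proxy needs that the mail does not spell out. When the original destination turns out to be the proxy's own listener (the case for a connection that was never NATed, or for a REDIRECT rule that matches the proxy's own outbound traffic), forwarding it would loop back into the proxy, so the example refuses it. The helper names orig_dst_lookup, is_self_target and fmt_addr are this example's own; the stand-alone main() assumes Linux with loopback networking and simply falls back to getsockname() where SO_ORIGINAL_DST is not defined.

```c
/* Added example: original-destination lookup plus a loop guard for a
 * transparent proxy. Helper names are assumptions of this example. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifdef __linux__
#include <linux/netfilter_ipv4.h>   /* SO_ORIGINAL_DST */
#endif

/* Original destination of an accepted IPv4 TCP socket. Same contract as
 * nf_getsockname(): 0 on success, -1 with errno set. */
int orig_dst_lookup(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
#ifdef SO_ORIGINAL_DST
    /* Conntrack returns the pre-NAT tuple; this fails (ENOENT/ENOPROTOOPT)
     * when the connection was not NATed or conntrack is not loaded. */
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, dst, &len) == 0)
        return 0;
#endif
    len = sizeof(*dst);
    return getsockname(fd, (struct sockaddr *)dst, &len);
}

/* Loop guard: the proxy must never forward to its own listening address. */
int is_self_target(const struct sockaddr_in *orig, const struct sockaddr_in *local)
{
    return orig->sin_port == local->sin_port &&
           orig->sin_addr.s_addr == local->sin_addr.s_addr;
}

/* Render "a.b.c.d:port" into buf (buflen >= INET_ADDRSTRLEN + 6). */
const char *fmt_addr(const struct sockaddr_in *a, char *buf, size_t buflen)
{
    char ip[INET_ADDRSTRLEN];
    inet_ntop(AF_INET, &a->sin_addr, ip, sizeof ip);
    snprintf(buf, buflen, "%s:%u", ip, ntohs(a->sin_port));
    return buf;
}

/* Stand-alone demo on loopback: with no NAT rule in the path the "original"
 * destination is the listener itself, so the loop guard fires. */
int main(void)
{
    struct sockaddr_in local = { .sin_family = AF_INET,
                                 .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof local;
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (bind(lfd, (struct sockaddr *)&local, len) < 0 || listen(lfd, 1) < 0 ||
        getsockname(lfd, (struct sockaddr *)&local, &len) < 0) {
        perror("listener");
        return 1;
    }
    int cfd = socket(AF_INET, SOCK_STREAM, 0);
    if (connect(cfd, (struct sockaddr *)&local, len) < 0) {
        perror("connect");
        return 1;
    }
    int afd = accept(lfd, NULL, NULL);

    struct sockaddr_in orig;
    char ob[INET_ADDRSTRLEN + 8], lb[INET_ADDRSTRLEN + 8];
    if (orig_dst_lookup(afd, &orig) < 0) {
        perror("original destination");
        return 1;
    }
    printf("original dst %s, proxy listener %s\n",
           fmt_addr(&orig, ob, sizeof ob), fmt_addr(&local, lb, sizeof lb));
    if (is_self_target(&orig, &local))
        printf("refusing: original destination is this proxy (would loop)\n");
    close(afd);
    close(cfd);
    close(lfd);
    return 0;
}
```

In a real deployment the listener address is the one the REDIRECT rule points at, and the accept loop logs the original destination for every connection before opening the upstream socket; that log line is also what lets you tell a legitimately redirected client from traffic that reached the proxy port directly.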