SO_ORIGINAL_DST used with NAT to get original destination IP
Patrick Schaaf
bof@bof.de
Tue, 15 Jan 2002 09:49:49 +0100

Roger,

> As it stands now I understand all my applications must be hacked to use
> nf_getsockname() to recover the original destination IP address after a NAT
> redirect. It was much easier with ipchains. With ipchains I could do a
> standard getsockname() call.

The "old way" was considered an ugly hack.

> Is nf_getsockname() currently the only way to accomplish this?

The SO_ORIGINAL_DST socket option is the only and good way to
accomplish this, with the current iptables implementation, and
hopefully with any new implementation in the future.

nf_getsockname() is an example of a wrapper that is a no-brainer
drop-in replacement for the earlier getsockname() hack.

The C library getsockname() implementation will not magically change
for you, even if that would make your life a bit easier. Deal with it.

best regards
Patrick
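
Added example, not part of the message above and not the netfilter project's code: a sketch of the kind of drop-in wrapper the message describes, which asks for SO_ORIGINAL_DST first and falls back to getsockname() when the lookup fails. The names original_dst() and demo_loopback() are hypothetical, the loopback connection is constructed for the demo, and the fallback define of 80 is the value from <linux/netfilter_ipv4.h>.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* value from <linux/netfilter_ipv4.h> */
#endif

/* Hypothetical wrapper. Returns 1 if conntrack supplied the pre-NAT
 * destination, 0 if it fell back to getsockname(), -1 on error. */
int original_dst(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    /* IPPROTO_IP has the same value as SOL_IP (0) */
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len) == 0)
        return 1;
    len = sizeof(*dst); /* lookup failed: use the local address */
    return getsockname(fd, (struct sockaddr *)dst, &len) == 0 ? 0 : -1;
}

/* Constructed demo: accept one loopback connection and look up its
 * destination. Returns original_dst()'s code; *port gets the listener port. */
int demo_loopback(struct sockaddr_in *dst, unsigned short *port)
{
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t len = sizeof(a);
    int rc = -1, conn = -1;
    int lis = socket(AF_INET, SOCK_STREAM, 0), cli = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    if (lis >= 0 && cli >= 0 && bind(lis, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        listen(lis, 1) == 0 && getsockname(lis, (struct sockaddr *)&a, &len) == 0 &&
        connect(cli, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        (conn = accept(lis, NULL, NULL)) >= 0)
        rc = original_dst(conn, dst);
    *port = ntohs(a.sin_port);
    if (conn >= 0) close(conn);
    if (cli >= 0) close(cli);
    if (lis >= 0) close(lis);
    return rc;
}

int main(void)
{
    struct sockaddr_in d = {0};
    unsigned short port = 0;
    int rc = demo_loopback(&d, &port);
    printf("rc=%d dst=%s:%u\n", rc, inet_ntoa(d.sin_addr), ntohs(d.sin_port));
    return rc < 0;
}
```

On a connection that arrived through a REDIRECT or DNAT rule, original_dst() returns 1 and dst holds the pre-NAT address; when the getsockopt() call fails, the socket's local address is returned instead.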