[erlang-questions] how: destination address of receiving connection

Per Hedeland per@REDACTED
Thu Nov 22 22:24:19 CET 2007


jm <jeffm@REDACTED> wrote:
>
>Originally I thought step 1 could be done with iptables redirect target, 
>but this changes the destination address of the packet. This is in the 
>man pages and has been confirmed with a quick experiment with tcpdump 
>and iptables. Can anyone suggest how I might accomplish this without 
>having to go nuts with your own tcp/ip stack?

REDIRECT (or DNAT, but that's no advantage in this case) is surely the
way to go - and changing the destination address is what it does by
definition, and you won't get the packet through the ("incoming") TCP/IP
stack otherwise.

>For step 2, I was thinking of using a simple tcp server based on 
>http://trapexit.org/Building_a_Non-blocking_TCP_server_using_OTP_principles 
>then somehow determine the original destination (step 3) with some form 
>of call to the socket. Is the following from 
>http://www.erlang.org/doc/man/inet.html
>
>     sockname(Socket) -> {ok, {Address, Port}} | {error, posix()}
>
>     Types:
>
>     Socket = socket()
>     Address = ip_address()
>     Port = int()
>
>    Returns the local address and port number for a socket.
>
>extracted from the packet or elsewhere?

For TCP, it's effectively from the packet - i.e. it's actually from the
socket data structures, but you can be assured that it is the same as
the destination address in the packet(s).

The original destination address after REDIRECT/DNAT is not in the
packet or in the receiving socket's data, but you can get it from
iptables *on the host where the DNAT happened* (which is OK in your
case) by using getsockopt() with SO_ORIGINAL_DST (it's in
<linux/netfilter_ipv4.h>) - don't know if it's documented anywhere, but
there's always Google... I.e. an opportunity to use the RawOptReq
functionality of inet:getopts/2!:-)

--Per Hedeland
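
The lookup described in the reply above, as an added example that is not part of the original post or of OTP: a raw `inet:getopts/2` request for SO_ORIGINAL_DST, with the returned `struct sockaddr_in` decoded into an address and port. The module name `orig_dst` and its function names are hypothetical; the numeric values SOL_IP = 0 and SO_ORIGINAL_DST = 80 are the Linux header constants, and the code assumes IPv4 on Linux.

```erlang
-module(orig_dst).
-export([original_dst/1, decode_sockaddr_in/1, demo/0]).

%% Linux constants: SOL_IP from <linux/in.h>, SO_ORIGINAL_DST from
%% <linux/netfilter_ipv4.h>. IPv4 only.
-define(SOL_IP, 0).
-define(SO_ORIGINAL_DST, 80).
-define(AF_INET, 2).
-define(SOCKADDR_IN_SIZE, 16).

%% Ask netfilter for the destination an accepted TCP connection had before
%% REDIRECT/DNAT rewrote it. Only meaningful on the host that did the NAT.
-spec original_dst(inet:socket()) ->
          {ok, {inet:ip4_address(), inet:port_number()}} | {error, term()}.
original_dst(Socket) ->
    RawReq = {raw, ?SOL_IP, ?SO_ORIGINAL_DST, ?SOCKADDR_IN_SIZE},
    case inet:getopts(Socket, [RawReq]) of
        {ok, [{raw, ?SOL_IP, ?SO_ORIGINAL_DST, Bin}]} ->
            decode_sockaddr_in(Bin);
        {ok, []} ->
            %% inet leaves an option out of the reply when the OS call fails,
            %% e.g. no connection-tracking entry exists for this socket.
            {error, no_original_dst};
        {error, _} = Error ->
            Error
    end.

%% struct sockaddr_in: family in host byte order, port and address in
%% network byte order, then 8 bytes of padding.
-spec decode_sockaddr_in(binary()) ->
          {ok, {inet:ip4_address(), inet:port_number()}} | {error, bad_sockaddr}.
decode_sockaddr_in(<<?AF_INET:16/native, Port:16/big, A, B, C, D, _Pad:8/binary>>) ->
    {ok, {{A, B, C, D}, Port}};
decode_sockaddr_in(_Other) ->
    {error, bad_sockaddr}.

%% Constructed sample buffer: what the kernel would hand back for a
%% connection originally addressed to 192.0.2.10:80.
demo() ->
    Sample = <<?AF_INET:16/native, 80:16/big, 192, 0, 2, 10, 0:64>>,
    {ok, {{192, 0, 2, 10}, 80}} = decode_sockaddr_in(Sample),
    {error, bad_sockaddr} = decode_sockaddr_in(<<1, 2, 3>>),
    ok.
```

Comparing the result with `inet:sockname/1` on the same socket shows whether the connection was actually redirected: the two differ only when NAT rewrote the destination.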


