Re: [squid-users] squid 2.6 + transparent + ipfw

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Sat, 08 Jul 2006 19:13:46 +0200

lör 2006-07-08 klockan 20:36 +0400 skrev Andrew Pantyukhin:

> "The fwd action does not change the contents of the packet at all.
> In particular, the destination address remains unmodified, so
> packets forwarded to another system will usually be rejected by
> that system unless there is a matching rule on that system to
> capture them. For packets forwarded locally, the local address
> of the socket will be set to the original destination address of
> the packet.

Ok. This should mean that getsockname() returns the real destination
address of the intercepted connection.

> I might be wrong, but I think one should compare the address
> of an accepted socket to the address of the listening socket.

Only works when the listening socket is explicitly bound to a specific
address. Quite often it's a "any" socket bound to the wildcard address
"0.0.0.0".

Regards
Henrik

Received on Sat Jul 08 2006 - 11:13:53 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:01 MDT