charlesboyo has asked for the wisdom of the Perl Monks concerning the following question:

Hello monks.

I recently started using the TPROXY (transparent proxy) kernel extensions that make it possible to bind to non-local IP address in Linux kernel 2.6.

A recent kernel with TPROXY support is in use and netfilter/iptables has been re-compiled with TPROXY support.
Do I need to recompile Perl as well?

In the following code, setting the IP address literal on line 16 to my local IP address works. But using a non-local address causes the connect on line 22 to die with the error:

connect: Invalid argument at test line 22.

#!/usr/bin/perl

use strict;
use Socket qw(:all);

use constant SOL_IP      => 0;
use constant IP_FREEBIND => 15;

$|++;   # no buffering

my $proto = getprotobyname('tcp');
socket(Socket_Handle, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
setsockopt(Socket_Handle, SOL_IP, IP_FREEBIND, 1) or die "setsockopt: $!";

# set local address to a non-local address :)
my $laddr = inet_aton('10.8.31.5');
bind(Socket_Handle, sockaddr_in(0, $laddr)) or die "bind: $!";

# attempt to connect to remote webserver
my $port = getservbyname('http', 'tcp');
my $sin  = sockaddr_in($port, inet_aton("www.google.com"));
connect(Socket_Handle, $sin) or die "connect: $!";

sleep 2;
close(Socket_Handle) or die "close: $!";
exit;

Re: How do I enable TPROXY in Perl?
by Illuminatus (Curate) on Apr 15, 2011 at 18:57 UTC
    1. You should not have to rebuild perl to use tproxy.
    2. I see you are using IP_FREEBIND, but I believe you really need to be using IP_TRANSPARENT (which implies FREEBIND, but is a superset).
    3. You might want to post the iptables commands you have set up. I think the connect will fail if the underlying iptables routing options are not in place.
    4. When dealing with netlink/iptables, never expect any help from the error codes. They are almost always misleading and unhelpful. I speak from experience.

    fnord

      Hello.

      I was quite sure I should have used IP_TRANSPARENT, but it wasn't defined in the header files I had searched earlier. Doing a full system search revealed its definition, and simply replacing IP_FREEBIND with IP_TRANSPARENT solved my problem.

      iptables works just fine; I'm using the mangle table with the TPROXY and socket targets and a custom route table, as widely recommended.

      Thanks for the help. Charles
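The corrected approach the thread arrives at, written out as an added example rather than the poster's own script: the socket asks for IP_TRANSPARENT instead of IP_FREEBIND before binding to a source address that is not configured on the host. The option values are the Linux ones from linux/in.h (SOL_IP 0, IP_FREEBIND 15, IP_TRANSPARENT 19) and are defined locally because Socket.pm does not export them on every Perl version; the 10.8.31.5 address is the constructed example address from the question, and the helper names transparent_socket and connect_from are this example's own. Setting IP_TRANSPARENT requires CAP_NET_ADMIN, so the example reports EPERM separately from a connect that fails because the TPROXY iptables rules and policy route table are not in place.

```perl
#!/usr/bin/perl
# Added example (not the original poster's code): bind an outgoing TCP
# socket to a non-local source address with IP_TRANSPARENT, the option
# the reply above identifies as the one TPROXY actually needs.
use strict;
use warnings;
use Socket qw(:all);
use Errno qw(EPERM EINVAL EADDRNOTAVAIL);

# Linux-specific values from <linux/in.h>; defined here because Socket.pm
# does not export them on every Perl version.
use constant SOL_IP         => 0;
use constant IP_FREEBIND    => 15;   # what the question used: bind works, connect fails
use constant IP_TRANSPARENT => 19;   # what TPROXY needs: superset of IP_FREEBIND

# Create a TCP socket whose local end is $laddr (dotted quad), which need
# not be configured on any interface. Returns the handle, or dies naming
# the failing step and errno.
sub transparent_socket {
    my ($laddr, $lport) = @_;
    $lport //= 0;

    socket(my $sock, PF_INET, SOCK_STREAM, getprotobyname('tcp'))
        or die "socket: $!";

    # IP_TRANSPARENT needs CAP_NET_ADMIN; EPERM here means the process
    # lacks the capability, not that the kernel or Perl build is wrong.
    setsockopt($sock, SOL_IP, IP_TRANSPARENT, 1)
        or die $! == EPERM
            ? "setsockopt(IP_TRANSPARENT): $! (needs CAP_NET_ADMIN)\n"
            : "setsockopt(IP_TRANSPARENT): $!";

    my $packed = inet_aton($laddr) // die "bad address $laddr";
    bind($sock, sockaddr_in($lport, $packed))
        or die "bind($laddr:$lport): $!";

    return $sock;
}

# Connect $sock to $host:$port. The errno values this setup most often
# produces are translated into a hint, since the raw messages say little.
sub connect_from {
    my ($sock, $host, $port) = @_;
    my $addr = inet_aton($host) or die "cannot resolve $host";
    return 1 if connect($sock, sockaddr_in($port, $addr));

    my $hint = $! == EINVAL        ? 'source address not usable: wrong option or TPROXY routing missing'
             : $! == EADDRNOTAVAIL ? 'kernel refused the non-local source address'
             :                       'see errno';
    die "connect($host:$port): $! [$hint]\n";
}

# Usage: the non-local source address must be one that the TPROXY
# iptables rules and the custom route table deliver back to this host.
my $sock = transparent_socket('10.8.31.5');   # constructed example address
connect_from($sock, 'www.google.com', getservbyname('http', 'tcp'));
my ($lport, $lip) = sockaddr_in(getsockname($sock));
printf "connected from %s:%d\n", inet_ntoa($lip), $lport;
close $sock or die "close: $!";
```

Run it as root or with CAP_NET_ADMIN on a host whose mangle-table TPROXY rules and policy route are already configured; on a host without that setup the connect step is expected to fail, and the hint shows which side (socket option or routing) to look at.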