<t4jh0n$j2s$1@shakotay.alphanet.ch>

Path: ...!weretis.net!feeder8.news.weretis.net!news.imp.ch!news.alphanet.ch!alphanet.ch!.POSTED.catalyst.alphanet.ch!not-for-mail
From: Marc SCHAEFER <schaefer@alphanet.ch>
Newsgroups: fr.comp.usenet.lecteurs-de-news,fr.comp.lang.perl
Subject: Re: STARTSSL
Followup-To: fr.comp.lang.perl
Date: Sat, 30 Apr 2022 14:27:35 -0000 (UTC)
Organization: Posted through ALPHANET
Message-ID: <t4jh0n$j2s$1@shakotay.alphanet.ch>
References: <t4g2cm$mh9$1@shakotay.alphanet.ch> <t4g2pp$pjs$1@shakotay.alphanet.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Injection-Date: Sat, 30 Apr 2022 14:27:35 -0000 (UTC)
Injection-Info: shakotay.alphanet.ch; posting-account="schaefer"; posting-host="catalyst.alphanet.ch:192.168.99.121";
	logging-data="19548"; mail-complaints-to="usenet@alphanet.ch"
User-Agent: tin/2.4.3-20181224 ("Glen Mhor") (UNIX) (Linux/4.19.0-20-amd64 (x86_64))
Cancel-Lock: sha256:UwxHNfXL7usXkSLnDSqckM4kd4ejqLOShyDFlpSYE/Y=
Bytes: 3190
Lines: 63

[ Followup-To: fr.comp.lang.perl ]

Marc SCHAEFER <schaefer@alphanet.ch> wrote:
> Hmm, actually, if that is not the case, I could possibly use Linux
> port redirection, and then I could determine the original destination
> port with the SO_ORIGINAL_DST option of getsockopt(2), if the
> redirection happens on the same machine.

Here is the corresponding code, for now with quite a bit of hackery,
but it seems to work. Any recommendations for doing better?

Thanks.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 42563 -j REDIRECT --to-ports 42119

then:

use strict;
use warnings;

use Socket qw(:all);

# hack (from egrep -r 'SOL_IP|SO_ORIGINAL' /usr/include/)
use constant SOL_IP => 0;
use constant SO_ORIGINAL_DST => 80;

use IO::Socket::INET;

# creating a listening socket
my $socket = IO::Socket::INET->new(LocalHost => '0.0.0.0',
                                   LocalPort => '42119',
                                   Proto => 'tcp',
                                   Listen => 5,
                                   Reuse => 1) or
   die "cannot create socket " . $! . "\n";

while (1) {
   # waiting for a new client connection
   my $client_socket = $socket->accept() or next;

   # get information about a newly connected client
   my $client_address = $client_socket->peerhost();
   my $client_port = $client_socket->peerport();
   print "connection from ", $client_address, ":", $client_port, " OPEN.\n";

   my $packed_addr = getsockopt($client_socket, SOL_IP, SO_ORIGINAL_DST)
                     or die("getsockopt: $!\n");
   #my ($port, $ip_address) = unpack_sockaddr_in($packed_addr);

   # hack: sin_port is the 16-bit big-endian field at offset 2 of struct sockaddr_in
   my $port = unpack('x2 n', $packed_addr);

   print "the actual server port (before redirection) is: ", $port, "\n";
   # if 42563, then activate SSL!

   print "connection from ", $client_address, ":", $client_port,
            " CLOSED.\n";
   $client_socket->close();
   exit(0);
}

$socket->close();
exit(0);
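
One way to tighten the decoding above, as an added example that is not part of the original post: it unpacks the SO_ORIGINAL_DST buffer as a Linux struct sockaddr_in, checks the address family, and refuses to guess when the lookup fails. The helper names, the 'plain'/'reject' policy and the sample buffers are assumptions; the constants and port 42563 come from the post.

```perl
use strict;
use warnings;
use Socket qw(AF_INET inet_ntoa);

# Linux values taken from the post; Socket does not export them.
use constant SOL_IP          => 0;
use constant SO_ORIGINAL_DST => 80;
use constant TLS_PORT        => 42563;  # --dport of the post's REDIRECT rule

# Decode the struct sockaddr_in that SO_ORIGINAL_DST returns on Linux.
# Returns (ip, port), or an empty list when the buffer is not a usable
# AF_INET address (undef from a failed getsockopt, short read, other family).
sub parse_original_dst {
    my ($packed) = @_;
    return unless defined($packed) && length($packed) >= 8;
    # sin_family is host byte order (S); sin_port (n) and sin_addr (a4)
    # are network byte order.
    my ($family, $port, $raw_ip) = unpack('S n a4', $packed);
    return unless $family == AF_INET;
    return (inet_ntoa($raw_ip), $port);
}

# Hypothetical helper: query an accepted socket and decode the result.
sub original_dst {
    my ($sock) = @_;
    return parse_original_dst(getsockopt($sock, SOL_IP, SO_ORIGINAL_DST));
}

# Hypothetical policy: 'tls' for the redirected port, 'plain' for any other
# decoded port, 'reject' when the original destination is unknown.
sub connection_mode {
    my ($port) = @_;
    return 'reject' unless defined($port);
    return $port == TLS_PORT ? 'tls' : 'plain';
}

# Constructed sample buffers so the decoding can be run without a NAT rule.
my %samples = (
    redirected => pack('S n a4 x8', AF_INET, 42563, pack('C4', 192, 0, 2, 10)),
    direct     => pack('S n a4 x8', AF_INET, 42119, pack('C4', 192, 0, 2, 10)),
    truncated  => "\x02\x00",
);
for my $name (sort keys %samples) {
    my ($ip, $port) = parse_original_dst($samples{$name});
    printf "%-10s %-18s %s\n", $name,
        defined($port) ? "$ip:$port" : 'undecodable', connection_mode($port);
}
```

In the accept loop, `my ($ip, $port) = original_dst($client_socket);` followed by `connection_mode($port)` would replace the byte arithmetic, closing the connection on 'reject' rather than falling back to plaintext.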