Path: ...!weretis.net!feeder8.news.weretis.net!news.imp.ch!news.alphanet.ch!alphanet.ch!.POSTED.catalyst.alphanet.ch!not-for-mail
From: Marc SCHAEFER <schaefer@alphanet.ch>
Newsgroups: fr.comp.usenet.lecteurs-de-news,fr.comp.lang.perl
Subject: Re: STARTSSL
Followup-To: fr.comp.lang.perl
Date: Sat, 30 Apr 2022 14:27:35 -0000 (UTC)
Organization: Posted through ALPHANET
Message-ID: <t4jh0n$j2s$1@shakotay.alphanet.ch>
References: <t4g2cm$mh9$1@shakotay.alphanet.ch> <t4g2pp$pjs$1@shakotay.alphanet.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Injection-Date: Sat, 30 Apr 2022 14:27:35 -0000 (UTC)
Injection-Info: shakotay.alphanet.ch; posting-account="schaefer"; posting-host="catalyst.alphanet.ch:192.168.99.121"; logging-data="19548"; mail-complaints-to="usenet@alphanet.ch"
User-Agent: tin/2.4.3-20181224 ("Glen Mhor") (UNIX) (Linux/4.19.0-20-amd64 (x86_64))
Cancel-Lock: sha256:UwxHNfXL7usXkSLnDSqckM4kd4ejqLOShyDFlpSYE/Y=
Bytes: 3190
Lines: 63

[ Followup-To: fr.comp.lang.perl ]

Marc SCHAEFER <schaefer@alphanet.ch> wrote:
> Hmm, actually, if that is not the case, I could possibly use Linux
> port redirection, and then I could determine the original destination
> port with the SO_ORIGINAL_DST option of getsockopt(2), if the
> redirection happens on the same machine.

Here is the corresponding code, for now with quite a bit of hackery, but
it seems to work.

Any recommendations for doing it better?

Thanks.

   iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 42563 -j REDIRECT --to-port 42119

then:

   use strict;
   use warnings;

   use Socket qw(:all);

   # hack (from egrep -r 'SOL_IP|SO_ORIGINAL' /usr/include/)
   use constant SOL_IP => 0;
   use constant SO_ORIGINAL_DST => 80;

   use IO::Socket::INET;

   # creating a listening socket
   my $socket = IO::Socket::INET->new(LocalHost => '0.0.0.0',
                                      LocalPort => '42119',
                                      Proto => 'tcp',
                                      Listen => 5,
                                      Reuse => 1)
      or die "cannot create socket: $!\n";

   while (1) {
      # waiting for a new client connection
      my $client_socket = $socket->accept()
         or die "accept: $!\n";

      # get information about a newly connected client
      my $client_address = $client_socket->peerhost();
      my $client_port = $client_socket->peerport();
      print "connection from ", $client_address, ":", $client_port, " OPEN.\n";

      # returns a packed struct sockaddr_in holding the pre-REDIRECT destination
      my $packed_addr = getsockopt($client_socket, SOL_IP, SO_ORIGINAL_DST)
         or die "getsockopt: $!\n";

      #my ($port, $ip_address) = unpack_sockaddr_in($packed_addr);
      # hack: bytes 2 and 3 of sockaddr_in are the port, in network byte order
      my $port = ord(substr($packed_addr, 2, 1)) * 256
                 + ord(substr($packed_addr, 3, 1));

      print "the actual server port (before redirection) is: ", $port, "\n";

      # if 42563, then activate SSL!

      print "connection from ", $client_address, ":", $client_port, " CLOSED.\n";

      $client_socket->close();

      # test run: handle a single connection, then quit
      exit(0);
   }

   # not reached while the loop above exits after the first connection
   $socket->close();

   exit(0);
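
An added example, not part of the original post: one way to decode the SO_ORIGINAL_DST result without the byte-level hack, validate it, and make the "activate SSL" decision explicit, including the case where getsockopt returns nothing usable. The helper names, the %TLS_PORTS table and the 192.0.2.10 sample address are assumptions made for illustration.

```perl
use strict;
use warnings;
use Socket qw(AF_INET inet_ntoa inet_aton pack_sockaddr_in);

# Linux values, as found in the post via /usr/include.
use constant SOL_IP          => 0;
use constant SO_ORIGINAL_DST => 80;

# Assumption: original destination ports that must be served over TLS.
my %TLS_PORTS = (42563 => 1);

# Decode the struct sockaddr_in returned by SO_ORIGINAL_DST.
# Returns (ip, port), or an empty list if the buffer is not an IPv4 sockaddr.
sub decode_original_dst {
    my ($packed) = @_;
    return unless defined $packed && length($packed) >= 8;
    # Linux layout: u16 family (host order), u16 port (network order), 4-byte address.
    my ($family, $port, $addr) = unpack('S n a4', $packed);
    return unless $family == AF_INET;
    return (inet_ntoa($addr), $port);
}

# Pre-REDIRECT destination of an accepted IO::Socket::INET client.
# If getsockopt fails or returns garbage, fall back to the socket's own
# local address, so such a client is judged by the port it really reached.
sub original_dst {
    my ($sock) = @_;
    my @dst = decode_original_dst(getsockopt($sock, SOL_IP, SO_ORIGINAL_DST));
    return @dst if @dst;
    return ($sock->sockhost(), $sock->sockport());
}

# True when the port the client originally dialled requires TLS.
sub wants_tls {
    my ($port) = @_;
    return exists $TLS_PORTS{$port} ? 1 : 0;
}

# Constructed sample: what the kernel would hand back for a client that
# dialled 192.0.2.10:42563 and was redirected to the listener on 42119.
my $sample = pack_sockaddr_in(42563, inet_aton('192.0.2.10'));
my ($ip, $port) = decode_original_dst($sample);
printf "%s:%d -> %s\n", $ip, $port, wants_tls($port) ? 'TLS' : 'plaintext';
```

In the accept loop this would be called as `my ($ip, $port) = original_dst($client_socket);` before any application data is read. A client that connects straight to 42119 is never classified as TLS by this logic, so that port should not be reachable from outside if plaintext is not intended there.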