SO_ORIGINAL_DST in php...??

  • Jeff Rowberg

    SO_ORIGINAL_DST in php...??

    I'm working on a transparent proxy for spam killing (mostly just an
    experiment and a home project). I have a Linux server that is acting
    as a firewall/router/development box, and I would really like to see
    this work. I have a good grasp of both C and PHP, and though I made
    the socket part work in C, I'm finding that the database, filtering,
    editing, and basically everything else would be a HECK of a lot easier
    in PHP.

    Here's the dilemma...C has this nice little socket option you can use
    called SO_ORIGINAL_DST, which is ideal for transparent proxying. With
    netfilter (i.e. iptables), you can't get the original destination of
    redirected packets with just a plain ol' getsockname() call, which
    returns the address of the final destination (where the connection was
    redirected to). With C and SO_ORIGINAL_DST, you can get the original
    destination quite easily.

    However, there isn't any way to do that with PHP that I can see.
    Though there are plenty of socket functions, there is no
    SO_ORIGINAL_DST. There also are not many people writing transparent
    proxies in PHP, 'cause I haven't found any info on the net. I figured
    if there's any way to do it, this is the place to ask. Am I missing
    something? Can I patch it? Anything?

    Thanks,

    Jeff
  • Jeff Rowberg

    #2
    Re: SO_ORIGINAL_DST in php...??

    On 1 May 2004 00:01:34 -0700, jeffrowberg@ade lphia.net (Jeff Rowberg)
    wrote:

    >Here's the dilemma...C has this nice little socket option you can use
    >called SO_ORIGINAL_DST, which is ideal for transparent proxying. With
    >netfilter (i.e. iptables), you can't get the original destination of
    >redirected packets with just a plain ol' getsockname() call, which
    >returns the address of the final destination (where the connection was
    >redirected to). With C and SO_ORIGINAL_DST, you can get the original
    >destination quite easily.

    Ok, so I've found a cheap way around this that does work. I wrote a
    small C program that takes a socket file descriptor for a parameter,
    then prints out the original destination info for that socket. PHP
    parses the output, and voila, it works great. Chewing gum and baling
    wire great, but great nonetheless.

    There's another problem though. PHP doesn't provide any way to get
    the actual socket file descriptor from anything opened with
    socket_create() and other socket_xxx() functions. What PHP calls a
    "socket descriptor" in the manual is actually a PHP numbered resource.
    These on rare occasion coincide with the actual socket file descriptor
    number, but most of the time, they don't.

    So the new question is this: is there any way to decode, convert, or
    in any other way get a socket resource into an integer that contains
    the actual socket file descriptor? (I'm talking about the kind of
    file descriptor where 0 is <stdin>, 1 is <stdout>, and 2 is <stderr>,
    with 3 and above available for user-space programs).

    Thanks,

    Jeff

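A helper of the kind described in post #2, written here as an added example (it is not the poster's program): it reads the pre-redirect destination with `getsockopt(..., SO_ORIGINAL_DST, ...)` and prints it as one parseable line. It assumes IPv4, a Linux host with netfilter connection tracking, and that the accepted socket's descriptor is inherited by the helper process; `original_dst`, `format_dst` and the program name `origdst` are hypothetical names.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* same value as in <linux/netfilter_ipv4.h> */
#endif

/* Ask netfilter conntrack for the pre-REDIRECT destination (IPv4 only).
 * Returns 0, or -1 with errno set (EBADF: bad fd, ENOENT: no conntrack entry). */
int original_dst(int fd, struct sockaddr_in *out)
{
    socklen_t len = sizeof(*out);
    memset(out, 0, sizeof(*out));
    return getsockopt(fd, IPPROTO_IP /* == SOL_IP */, SO_ORIGINAL_DST, out, &len);
}

/* Render "a.b.c.d port": one line the calling script splits on the space. */
int format_dst(const struct sockaddr_in *sa, char *buf, size_t buflen)
{
    char ip[INET_ADDRSTRLEN];
    if (!inet_ntop(AF_INET, &sa->sin_addr, ip, sizeof(ip)))
        return -1;
    int n = snprintf(buf, buflen, "%s %u", ip, (unsigned)ntohs(sa->sin_port));
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

int main(int argc, char **argv)
{
    char *end = NULL, line[64];
    struct sockaddr_in dst;
    long fd = (argc == 2) ? strtol(argv[1], &end, 10) : -1;
    /* Accept only a plain, non-negative descriptor number. */
    if (argc != 2 || *argv[1] == '\0' || *end != '\0' || fd < 0 || fd > 65535) {
        fputs("usage: origdst <socket-fd>\n", stderr);
        return 2;
    }
    if (original_dst((int)fd, &dst) != 0 || format_dst(&dst, line, sizeof line) != 0) {
        perror("SO_ORIGINAL_DST");
        return 1;
    }
    puts(line);
    return 0;
}
```

The caller should treat a non-zero exit status as "destination unknown" and drop the connection rather than fall back to the address the proxy itself is listening on.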