Hi guys, On netfilter-based NAT systems there is theoretically a possibility to retrieve the original address *after* NAT'ing a connection. In C, this can be done as in squid, a transparent HTTP proxy:
http://paste.pocoo.org/show/216495/ I'd like to do the same in Python. So I started with a small script: import socket s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.bind(('', 2626)) s.listen(1) conn, addr = s.accept() dst = conn.getsockopt(socket.SOL_IP, socket.SO_ORIGINAL_DST) Since SO_ORIGINAL_DST is not defined in socket.py, the program fails: AttributeError: 'module' object has no attribute 'SO_ORIGINAL_DST' So I thought I'd be smart and look up the constant myself. Indeed, I found it to be defined in: /usr/include/linux/netfilter_ipv4.h:75:#define SO_ORIGINAL_DST 80 I replaced the getsockopt() call with dst = conn.getsockopt(socket.SOL_IP, 80) and ran into a new problem: Traceback (most recent call last): File "listen.py", line 14, in <module> dst = conn.getsockopt(socket.SOL_IP, 80) File "<string>", line 1, in getsockopt socket.error: [Errno 22] Invalid argument In C, everything works fine. But I really need this problem to be solved in Python. Do you have any ideas? Thanks for any support in advance and regards, Chris PS: I know there are ugly work-arounds to parse /proc/net/ip_conntrack to do this job, but I will defenitely avoid that. -- http://mail.python.org/mailman/listinfo/python-list