tencent cloud

Global Application Acceleration Platform

Release Notes
Product Introduction
Overview
Instance Type Comparison
Product Features
Application Scenarios
Product Specification Limit
Purchase Guide
Billing Overview
Payment Overdue
Quick Start
Getting Started with Global Accelerator
Getting Started with Global Accelerator 2.0
Operation Guide
GAAP
Global Accelerator 2.0
Quota Description
GAAP
Global Accelerator 2.0
API Documentation
History
Introduction
API Category
Rule APIs
Connection Group APIs
Making API Requests
Origin Server APIs
Listener APIs
Connection APIs
Certificate APIs
Other APIs
Data Types
Error Codes
Agreement
GAAP Service Level Agreement
Data Processing And Security Agreement
Privacy Policy
FAQs
Contact Us
Glossary
DocumentationGlobal Application Acceleration PlatformOperation GuideGAAPObtaining Real Client IPObtaining Real Client IP Through TOA (TCP Only)Basic Principles

Basic Principles

PDF
Focus Mode
Font Size
Last updated: 2024-10-14 16:52:06
When an acceleration connection forwards the data packet, SNAT and DNAT will be performed on the packet; that is, the source and destination addresses of the data packet will be modified. The packet source address seen by the origin server will be the forwarding IP address of the acceleration connection, rather than the real client IP. To pass the client IP to the server, the acceleration connection will include the client IP and port in the custom tcp option field when forwarding the packet, as shown below:
#define TCPOPT_ADDR  200
#define TCPOLEN_ADDR 8   /* |opcode|size|ip+port| = 1 + 1 + 6 */

/*
    * insert client ip in tcp option.
    * must be 4 bytes alignment.
    */

    struct ip_vs_tcpo_addr{
        __u8 opcode;
            __u8 opsize;
            __u16 port;
            __u32 addr;
    };
After the Linux kernel has received the ACK packet of three-way handshake while listening the socket, its status is changed from SYN_REVC to TCP_ESTABLISHED. In this case, the kernel calls the tcp_v4_syn_recv_sock function. The Hook function tcp_v4_syn_recv_sock_toa calls the original tcp_v4_syn_recv_sock function, then extracts TOA OPTION from the TCP OPTION by calling the get_toa_data function, and saves it in the sk_user_data field. After the above call is completed, the kernel calls inet_getname_toa hook inet_getname to obtain the source IP and port. It first calls the original inet_getname, and check whether the sk_user_data field is empty. If the real IP and port can be extracted from this field, then replace the returned values of inet_getname with these two values. The server program calls getpeername in the user mode, and the client's original IP and port are returned.
Previous Topic: Certificate ManagementNext Topic: Step 1: Create TCP Listener and Enable TOA

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback