Class SoOriginalDstHelper

java.lang.Object
org.mockserver.netty.proxy.SoOriginalDstHelper

public class SoOriginalDstHelper extends Object
Reads the original destination of an intercepted TCP connection on Linux.

When iptables -j REDIRECT rewrites a packet's destination, the kernel records the original destination in the conntrack table. The standard way to retrieve it is getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, ...), but Netty does not expose this socket option (not even via EpollChannelOption).

This helper uses a JNI-free fallback: it parses /proc/net/nf_conntrack (or the legacy /proc/net/ip_conntrack) to look up the original destination by matching the connection's local and remote addresses. This approach is used by several production transparent proxies and works on standard Linux kernels with nf_conntrack loaded.
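The lookup described above, sketched as an added example (not MockServer's own code). The class name, method name and sample lines are constructed for illustration, and it assumes the usual conntrack layout in which each entry lists the original-direction tuple first and the reply-direction tuple second.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.List;

public class ConntrackLookupExample {   // hypothetical name, not part of MockServer

    // Constructed sample lines in /proc/net/nf_conntrack format (documentation addresses).
    static final List<String> SAMPLE = List.of(
        "ipv4     2 udp      17 25 src=192.0.2.10 dst=192.0.2.1 sport=40000 dport=53 src=192.0.2.1 dst=192.0.2.10 sport=53 dport=40000 mark=0 zone=0 use=2",
        "ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=203.0.113.7 sport=51514 dport=443 src=192.0.2.1 dst=192.0.2.10 sport=1090 dport=51514 [ASSURED] mark=0 zone=0 use=2");

    // Returns the pre-REDIRECT destination for the accepted connection, or null if no entry matches.
    static InetSocketAddress lookup(List<String> lines, InetSocketAddress local, InetSocketAddress remote) throws Exception {
        for (String line : lines) {
            String[] tokens = line.trim().split("\\s+");
            // Protocol name is the 3rd field in nf_conntrack and the 1st in legacy ip_conntrack.
            if (tokens.length < 3 || !(tokens[0].equals("tcp") || tokens[2].equals("tcp"))) continue;
            List<String> src = new ArrayList<>(), dst = new ArrayList<>(), sport = new ArrayList<>(), dport = new ArrayList<>();
            for (String t : tokens) {
                if (t.startsWith("src=")) src.add(t.substring(4));
                else if (t.startsWith("dst=")) dst.add(t.substring(4));
                else if (t.startsWith("sport=")) sport.add(t.substring(6));
                else if (t.startsWith("dport=")) dport.add(t.substring(6));
            }
            // Skip entries that do not carry exactly two complete tuples.
            if (src.size() != 2 || dst.size() != 2 || sport.size() != 2 || dport.size() != 2) continue;
            // After REDIRECT the reply tuple runs from the proxy's local socket back to the client.
            // Compare as InetAddress, not strings, so differing textual forms of IPv6 addresses still match.
            boolean match = InetAddress.getByName(src.get(1)).equals(local.getAddress())
                && Integer.parseInt(sport.get(1)) == local.getPort()
                && InetAddress.getByName(dst.get(1)).equals(remote.getAddress())
                && Integer.parseInt(dport.get(1)) == remote.getPort();
            if (match) {
                // The original-direction tuple still holds the destination the client dialled.
                return new InetSocketAddress(InetAddress.getByName(dst.get(0)), Integer.parseInt(dport.get(0)));
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        InetSocketAddress local = new InetSocketAddress(InetAddress.getByName("192.0.2.1"), 1090);
        InetSocketAddress remote = new InetSocketAddress(InetAddress.getByName("192.0.2.10"), 51514);
        System.out.println(lookup(SAMPLE, local, remote));
    }
}
```

Returning null when no entry matches mirrors the documented contract; a caller that then falls back to the Host header is trusting a client-supplied value.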

Limitations (honest):

  • Linux only. On other OSes, getOriginalDestination(io.netty.channel.Channel) throws UnsupportedOperationException.
  • Requires the nf_conntrack (or ip_conntrack) kernel module to be loaded and readable by the MockServer process.
  • The conntrack lookup is O(n) where n = number of tracked connections. For high-connection-rate deployments consider the JNI-based SO_ORIGINAL_DST approach (not yet implemented).
  • IPv6 original-destination lookup is supported but requires /proc/net/nf_conntrack (not the legacy ip_conntrack).
  • If the conntrack entry has been flushed or the file is unreadable, returns null (caller falls back to Host header).
Method Details

    • isSupported

      public static boolean isSupported()
      Returns true if the current OS is Linux, which is the only platform where SO_ORIGINAL_DST / conntrack-based original destination resolution is supported.
    • getOriginalDestination

      public static InetSocketAddress getOriginalDestination(io.netty.channel.Channel channel)
      Attempts to read the original destination of the connection associated with the given Netty channel.
      Parameters:
      channel - the accepted Netty channel
      Returns:
      the original destination address, or null if it could not be determined (caller should fall back to Host header)
      Throws:
      UnsupportedOperationException - on non-Linux platforms