transparent udp proxy
Hooman Fazaeli
hoomanfazaeli at gmail.com
Sat Nov 1 12:08:41 UTC 2014
On 10/31/2014 8:30 PM, Ian Smith wrote:
> On Fri, 31 Oct 2014 18:30:00 +0330, Hooman Fazaeli wrote:
> > On 10/31/2014 5:30 PM, Mark Felder wrote:
> > > I'm not sure if this is what you're looking for, but perhaps the
> > > solution is in net/samplicator ?
> > >
> > > From the project's website:
> > >
> > > This simple program listens for UDP datagrams on a network port, and
> > > sends copies of these datagrams on to a set of destinations. Optionally,
> > > it can perform sampling, i.e. rather than forwarding every packet,
> > > forward only 1 in N. Another option is that it can "spoof" the IP source
> > > address, so that the copies appear to come from the original source,
> > > rather than the relay. Currently only supports IPv4.
>
> > Thanks. I do not think it provides what I am looking for.
> >
> > I am not looking for an application performing a specific task, but a
> > mechanism to get the __original__ destination address and port of
> > packets forwarded to a local UDP proxy by ipfw fwd rules. As I
> > figured it out until now, the original destination address may be
> > obtained by IP_RECVDSTADDR on 9.0+ (but not on 8.x and older
> > versions) but there seems to be no mechanism to get the _original_
> > destination _port_. (Apart from this missing mechanism, my proxy is
> > functional and performs what it is intended to do.)
>
> : ipfw add 10 fwd localhost,7000 udp from any to any recv em1
>
> Given these are local packets and that ipfw(8) /fwd states:
>
> The fwd action does not change the contents of the packet at all.
> In particular, the destination address remains unmodified, so
> packets forwarded to another system will usually be rejected by
> that system unless there is a matching rule on that system to
> capture them. For packets forwarded locally, the local address
> of the socket will be set to the original destination address of
> the packet. This makes the netstat(1) entry look rather weird
> but is intended for use with transparent proxy servers.
For FreeBSDs before 9.0, that description is only correct for TCP packets. For 9.0+, it is true for both UDP and TCP.
Old kernels (before 9.0) change the destination of UDP packets forwarded to a local address to the forwarded-to address and port (those specified in the fwd rule).
> Has the destination port in the received packet been changed to 7000?
>
> If not, you're all set. If so, where else could the dst port be stored?
>
> cheers, Ian
There is no way to get the destination port. That is the problem.
recvmsg(2) only returns the source address+port and the destination IP address (on 9.0+).
--
Best regards.
Hooman Fazaeli
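
The recvmsg(2) path discussed in this message, as an added example that is not code from the thread or from FreeBSD: it enables IP_RECVDSTADDR on a UDP socket and reads the destination IP out of the control message, whose payload is a struct in_addr with no port field. The names enable_dstaddr, recv_with_dst and DST_OPT are hypothetical, and the IP_PKTINFO branch is an assumption added only so the file also builds where IP_RECVDSTADDR is not defined.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE     /* glibc: exposes struct in_pktinfo (fallback branch) */
#endif
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#ifdef IP_RECVDSTADDR   /* FreeBSD: cmsg payload is a bare struct in_addr */
#define DST_OPT IP_RECVDSTADDR
#else                   /* assumption: Linux build, IP_PKTINFO used instead */
#define DST_OPT IP_PKTINFO
#endif

/* Ask the kernel to attach the destination IP to each received datagram. */
int enable_dstaddr(int s) {
    int on = 1;
    return setsockopt(s, IPPROTO_IP, DST_OPT, &on, sizeof on);
}

/* Receive one datagram: *src comes from msg_name, *dst from ancillary data.
 * Returns the payload length, or -1 on error or if no destination cmsg came. */
ssize_t recv_with_dst(int s, void *buf, size_t len,
                      struct sockaddr_in *src, struct in_addr *dst) {
    union { struct cmsghdr align; char raw[128]; } ctl;  /* aligned cmsg buffer */
    struct iovec iov = { buf, len };
    struct msghdr m = {0};
    m.msg_name = src;        m.msg_namelen = sizeof *src;
    m.msg_iov = &iov;        m.msg_iovlen = 1;
    m.msg_control = ctl.raw; m.msg_controllen = sizeof ctl.raw;
    ssize_t n = recvmsg(s, &m, 0);
    if (n < 0) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&m); c; c = CMSG_NXTHDR(&m, c)) {
        if (c->cmsg_level != IPPROTO_IP || c->cmsg_type != DST_OPT) continue;
#ifdef IP_RECVDSTADDR
        memcpy(dst, CMSG_DATA(c), sizeof *dst);  /* address only, no port */
#else
        memcpy(dst, &((struct in_pktinfo *)CMSG_DATA(c))->ipi_addr, sizeof *dst);
#endif
        return n;
    }
    return -1;
}
```

The source address and port arrive in msg_name as a full sockaddr_in, while the destination side of the result is only an in_addr, which is the gap the message describes.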