transparent udp proxy
Ian Smith
smithi at nimnet.asn.au
Fri Oct 31 17:00:45 UTC 2014
On Fri, 31 Oct 2014 18:30:00 +0330, Hooman Fazaeli wrote:
> On 10/31/2014 5:30 PM, Mark Felder wrote:
> > I'm not sure if this is what you're looking for, but perhaps the
> > solution is in net/samplicator ?
> >
> > From the project's website:
> >
> > This simple program listens for UDP datagrams on a network port, and
> > sends copies of these datagrams on to a set of destinations. Optionally,
> > it can perform sampling, i.e. rather than forwarding every packet,
> > forward only 1 in N. Another option is that it can "spoof" the IP source
> > address, so that the copies appear to come from the original source,
> > rather than the relay. Currently only supports IPv4.
> Thanks. I do not think it provides what I am looking for.
>
> I am not looking for an application performing a specific task, but a
> mechanism to get the __original__ destination address and port of
> packets forwarded to a local UDP proxy by ipfw fwd rules. As I
> figured it out until now, the original destination address may be
> obtained by IP_RECVDSTADDR on 9.0+ (but not on 8.x and older
> versions) but there seems to be no mechanism to get the _original_
> destination _port_ (Apart from this missing mechanism, my proxy is
> functional and performs what it is intended to do).

: ipfw add 10 fwd localhost,7000 udp from any to any recv em1

Given these are local packets and that ipfw(8) /fwd states:

    The fwd action does not change the contents of the packet at all.
    In particular, the destination address remains unmodified, so
    packets forwarded to another system will usually be rejected by
    that system unless there is a matching rule on that system to
    capture them. For packets forwarded locally, the local address
    of the socket will be set to the original destination address of
    the packet. This makes the netstat(1) entry look rather weird
    but is intended for use with transparent proxy servers.

Has the destination port in the received packet been changed to 7000?
If not, you're all set. If so, where else could the dst port be stored?

cheers, Ian
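
Added example, not part of the original thread: one way a local UDP proxy can read a datagram's destination address with IP_RECVDSTADDR, the option named above, through recvmsg(2) ancillary data. The function names and the IP_PKTINFO fallback for systems that lack IP_RECVDSTADDR are assumptions; the code returns the address only, not the port.

```c
#define _GNU_SOURCE 1   /* exposes struct in_pktinfo on glibc */
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
/* FreeBSD: IP_RECVDSTADDR delivers a struct in_addr control message. The
 * IP_PKTINFO branch is an assumption so the file also builds elsewhere. */
#ifdef IP_RECVDSTADDR
#define DST_OPT IP_RECVDSTADDR
typedef struct in_addr dst_t;
#define DST_ADDR(v) (v)
#else
#define DST_OPT IP_PKTINFO
typedef struct in_pktinfo dst_t;
#define DST_ADDR(v) ((v).ipi_addr)
#endif

/* Ask the kernel to attach the destination address to each datagram. */
int enable_dstaddr(int fd) {
    int on = 1;
    return setsockopt(fd, IPPROTO_IP, DST_OPT, &on, sizeof(on));
}

/* Scan ancillary data for the address; 0 on success, -1 if not present. */
int dstaddr_from_msg(struct msghdr *msg, struct in_addr *dst) {
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level != IPPROTO_IP || c->cmsg_type != DST_OPT ||
            c->cmsg_len < CMSG_LEN(sizeof(dst_t)))
            continue;               /* some other option, or truncated */
        dst_t v;
        memcpy(&v, CMSG_DATA(c), sizeof(v));
        *dst = DST_ADDR(v);
        return 0;
    }
    return -1;
}

/* recvfrom() substitute for the proxy: also reports the destination address. */
ssize_t recv_with_dst(int fd, void *buf, size_t len,
                      struct sockaddr_in *from, struct in_addr *dst) {
    union { struct cmsghdr hdr; char b[CMSG_SPACE(sizeof(dst_t))]; } cb;
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg = { .msg_name = from, .msg_namelen = sizeof(*from),
        .msg_iov = &iov, .msg_iovlen = 1,
        .msg_control = cb.b, .msg_controllen = sizeof(cb.b) };
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n >= 0 && dstaddr_from_msg(&msg, dst) != 0) dst->s_addr = INADDR_ANY;
    return n;
}
```

Call enable_dstaddr() once after bind(), then use recv_with_dst() in place of recvfrom(); a result of 0.0.0.0 means the kernel attached no address.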