Date: Sat, 1 Nov 2014 04:00:41 +1100 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: Hooman Fazaeli <hoomanfazaeli@gmail.com> Cc: freebsd-net@freebsd.org, Mark Felder <feld@freebsd.org> Subject: Re: transparent udp proxy Message-ID: <20141101035050.R52402@sola.nimnet.asn.au> In-Reply-To: <5453A3F0.7010706@gmail.com> References: <54535B82.405@gmail.com> <1414764053.1422501.185543329.39B66970@webmail.messagingengine.com> <5453A3F0.7010706@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 31 Oct 2014 18:30:00 +0330, Hooman Fazaeli wrote: > On 10/31/2014 5:30 PM, Mark Felder wrote: > > I'm not sure if this is what you're looking for, but perhaps the > > solution is in net/samplicator ? > > > > From the project's website: > > > > This simple program listens for UDP datagrams on a network port, and > > sends copies of these datagrams on to a set of destinations. Optionally, > > it can perform sampling, i.e. rather than forwarding every packet, > > forward only 1 in N. Another option is that it can "spoof" the IP source > > address, so that the copies appear to come from the original source, > > rather than the relay. Currently only supports IPv4. > Thanks. I do not thinks it provides what I am looking for. > > I am not looking for an application performing a specific task, but a > mechanism to get the __original__ destination address and port of > packets forwarded to a local UDP proxy by ipfw fwd rules. As I > figured it out until now, The original destination address may be > obtained by IP_RECVDSTADDR on 9.0+ (but not on 8.x and older > versions) but there seems to be no mechanism get the _original_ > destination _port_ (Apart from this missing mechanism, my proxy is > functional and performs what it is intended to do). : ipfw add 10 fwd localhost,7000 udp from any to any recv em1 Given these are local packets and that ipfw(8) /fwd states: The fwd action does not change the contents of the packet at all. In particular, the destination address remains unmodified, so packets forwarded to another system will usually be rejected by that system unless there is a matching rule on that system to capture them. For packets forwarded locally, the local address of the socket will be set to the original destination address of the packet. This makes the netstat(1) entry look rather weird but is intended for use with transparent proxy servers. Has the destination port in the received packet been changed to 7000? If not, you're all set. If so, where else could the dst port be stored? cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20141101035050.R52402>