Message-ID: <5454CD41.9010704@gmail.com>
Date: Sat, 01 Nov 2014 15:38:33 +0330
From: Hooman Fazaeli
To: Ian Smith
Subject: Re: transparent udp proxy
Cc: freebsd-net@freebsd.org, Mark Felder

On 10/31/2014 8:30 PM, Ian Smith wrote:
> On Fri, 31 Oct 2014 18:30:00 +0330, Hooman Fazaeli wrote:
> > On 10/31/2014 5:30 PM, Mark Felder wrote:
> > > I'm not sure if this is what you're looking for, but perhaps the
> > > solution is in net/samplicator ?
> > >
> > > From the project's website:
> > >
> > > This simple program listens for UDP datagrams on a network port, and
> > > sends copies of these datagrams on to a set of destinations. Optionally,
> > > it can perform sampling, i.e. rather than forwarding every packet,
> > > forward only 1 in N. Another option is that it can "spoof" the IP source
> > > address, so that the copies appear to come from the original source,
> > > rather than the relay. Currently only supports IPv4.
> >
> > Thanks. I do not think it provides what I am looking for.
> >
> > I am not looking for an application performing a specific task, but a
> > mechanism to get the __original__ destination address and port of
> > packets forwarded to a local UDP proxy by ipfw fwd rules. As I
> > figured it out until now, the original destination address may be
> > obtained by IP_RECVDSTADDR on 9.0+ (but not on 8.x and older
> > versions) but there seems to be no mechanism to get the _original_
> > destination _port_ (Apart from this missing mechanism, my proxy is
> > functional and performs what it is intended to do).
> > : ipfw add 10 fwd localhost,7000 udp from any to any recv em1
>
> Given these are local packets and that ipfw(8) /fwd states:
>
>     The fwd action does not change the contents of the packet at all.
>     In particular, the destination address remains unmodified, so
>     packets forwarded to another system will usually be rejected by
>     that system unless there is a matching rule on that system to
>     capture them. For packets forwarded locally, the local address
>     of the socket will be set to the original destination address of
>     the packet. This makes the netstat(1) entry look rather weird
>     but is intended for use with transparent proxy servers.

For FreeBSDs before 9.0, that description is only correct for TCP
packets. For 9.0+, it is true for both UDP and TCP. Old kernels
(before 9.0) change the destination of UDP packets forwarded to a local
address to the forwarded-to address and port (those specified in the
fwd rule).

> Has the destination port in the received packet been changed to 7000?
>
> If not, you're all set. If so, where else could the dst port be stored?
>
> cheers, Ian

There is no way to get the destination port. That is the problem.
recvmsg(2) only returns source address+port and destination IP address
(on 9.0+).

-- 
Best regards.
Hooman Fazaeli
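
The recvmsg(2) behaviour described in this message, as an added example that is not part of the original post: the receiver enables IP_RECVDSTADDR and reads the destination address from the control message, while the source address and port arrive in msg_name. The helper names `recv_with_dst` and `demo`, the IP_PKTINFO fallback for systems without IP_RECVDSTADDR, and the constructed loopback datagram are assumptions added so the code can be built and checked outside FreeBSD.

```c
#define _GNU_SOURCE                 /* glibc: expose struct in_pktinfo */
#include <sys/socket.h>
#include <netinet/in.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

#ifdef IP_RECVDSTADDR               /* FreeBSD: cmsg payload is a struct in_addr */
#define DST_OPT IP_RECVDSTADDR
#define DST_OFF 0
#else                               /* assumption: Linux stand-in so the demo builds there */
#define DST_OPT IP_PKTINFO
#define DST_OFF offsetof(struct in_pktinfo, ipi_addr)
#endif

/* *src (address and port) comes from msg_name; *dst comes from ancillary data and is
 * an address only. Returns payload length, or -1 on error or if the cmsg is absent. */
ssize_t recv_with_dst(int s, void *buf, size_t len,
                      struct sockaddr_in *src, struct in_addr *dst)
{
    union { struct cmsghdr align; char space[128]; } ctl;
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg = { .msg_name = src, .msg_namelen = sizeof(*src), .msg_iov = &iov,
        .msg_iovlen = 1, .msg_control = ctl.space, .msg_controllen = sizeof(ctl.space) };
    ssize_t n = recvmsg(s, &msg, 0);
    if (n < 0) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level != IPPROTO_IP || c->cmsg_type != DST_OPT) continue;
        memcpy(dst, CMSG_DATA(c) + DST_OFF, sizeof(*dst));
        return n;
    }
    return -1;
}

/* Loopback self-check with a constructed 4-byte datagram; returns 0 on success. */
int demo(void)
{
    int on = 1, rx = socket(AF_INET, SOCK_DGRAM, 0), tx = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in src, a = { .sin_family = AF_INET,
                                  .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    struct in_addr dst = { 0 };
    socklen_t alen = sizeof(a);
    char buf[16];
    int ok = rx >= 0 && tx >= 0 && !setsockopt(rx, IPPROTO_IP, DST_OPT, &on, sizeof(on))
        && !bind(rx, (struct sockaddr *)&a, sizeof(a))
        && !getsockname(rx, (struct sockaddr *)&a, &alen)   /* learn the ephemeral port */
        && sendto(tx, "ping", 4, 0, (struct sockaddr *)&a, sizeof(a)) == 4
        && recv_with_dst(rx, buf, sizeof(buf), &src, &dst) == 4
        && dst.s_addr == htonl(INADDR_LOOPBACK) && src.sin_port != 0;
    close(rx); close(tx);
    return ok ? 0 : -1;
}
```

The control message carries a bare `struct in_addr`, so nothing in it can hold a port.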