From: Julian Elischer
To: Hooman Fazaeli, "freebsd-net@freebsd.org"
Date: Sun, 02 Nov 2014 11:10:20 +0800
Subject: Re: transparent udp proxy
Message-ID: <5455A09C.6030808@freebsd.org>
In-Reply-To: <5455853E.2030700@freebsd.org>

On 11/2/14, 9:13 AM, Julian Elischer wrote:
> On 10/31/14, 5:50 PM, Hooman Fazaeli wrote:
>> Hi,
>>
>> In my setup, I use a fwd rule to forward all udp traffic to my local
>> proxy:
>>
>> ipfw add 10 fwd localhost,7000 udp from any to any recv em1
> just as a nit, I'd add "in" as well sometimes outgoing packets can
> have a receive interface if they were routed.
>
>>
>> The proxy needs to know the original destination address of
>> forwarded datagrams, but
>> there seems to be no way to obtain that address.
> hmm that used to work..
>>
>> Using recvmsg with IP_RECVDSTADDR does not help because it returns
>> next-hop address
>> instead of original destination. This is because udp_input()
>> overwrites packet's destination
>> with next-hop address before doing ip_savecontrol.
> This behaviour may be new since IPFORWARD was added.. My memory is
> that you could do this.
>>
>> It seems easy to change udp_input to pass the original dest.
>> address to ip_savecontrol.
>> Another solution would be to implement IP_RECVDSTSOCKADDR option,
>> which records the original
>> destination address:port as a 'struct sockaddr_in[6]' in packet's
>> control data.
>>
>> Comments/suggestions are welcome.

apply the following patches to your kernel

http://svnweb.freebsd.org/base/stable/9/sys/netinet/udp_usrreq.c?r1=225043&r2=225044&

and

http://svnweb.freebsd.org/base/stable/9/sys/netinet/udp_usrreq.c?r1=243585&r2=243586&