From: Julian Elischer
Date: Sun, 02 Nov 2014 09:13:34 +0800
To: Hooman Fazaeli, "freebsd-net@freebsd.org"
Subject: Re: transparent udp proxy

On 10/31/14, 5:50 PM, Hooman Fazaeli wrote:
> Hi,
>
> In my setup, I use a fwd rule to forward all udp traffic to my local
> proxy:
>
> ipfw add 10 fwd localhost,7000 udp from any to any recv em1

just as a nit, I'd add "in" as well;
sometimes outgoing packets can have a receive interface if they were routed.

> The proxy needs to know the original destination address of
> forwarded datagrams, but there seems to be no way to obtain
> that address.

hmm that used to work..

> Using recvmsg with IP_RECVDSTADDR does not help because it returns
> next-hop address instead of original destination. This is because
> udp_input() overwrites packet's destination with next-hop address
> before doing ip_savecontrol.

This behaviour may be new since IPFORWARD was added.. My memory is
that you could do this.

> It seems easy to change udp_input to pass the original dest. address
> to ip_savecontrol.
> Another solution would be to implement IP_RECVDSTSOCKADDR option,
> which records the original destination address:port as a
> 'struct sockaddr_in[6]' in packet's control data.
>
> Comments/suggestions are welcome.