UDP forward issue with ipfw on Freebsd8

Thu, 21 Mar 2013 13:30:00 -0700 

Hi

When I try to forward incoming UDP packets to local host without providing 
destination port, no packets are forwarded.
My ipfw rule is:

     # ipfw add 100 fwd 127.0.0.1 ipv4 from any to any dst-port 8000-11999 recv 
em1

Since I am not giving any port number after 127.0.0.1, ipfw should forward the 
packets with the destination port in the packets, but it does not.

I checked ipfw code and udp_input() in udp_usrreq.c, and modified it to forward 
to the original ports in the packets like below.

#ifdef IPFIREWALL_FORWARD
                /*
                * Grab info from PACKET_TAG_IPFORWARD tag prepended to the 
chain.
                */
                fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
                if (fwd_tag != NULL) {
                                struct sockaddr_in *next_hop;

                               /*
                                * Do the hack.
                                */
                                next_hop = (struct sockaddr_in *)(fwd_tag + 1);
                                ip->ip_dst = next_hop->sin_addr;
                                if (next_hop->sin_port) {      // Add this line
                                                uh->uh_dport = 
htons(next_hop->sin_port);
                               }       // and this line
                                /*
                                * Remove the tag from the packet.  We don't 
need it anymore.
                                */
                                m_tag_delete(m, fwd_tag);
                }
#endif

Basically, only if forwarding port is given, the destination port is modified. 
If not, it leaves the original destination port.

After this changes ipfw can forward the packets to the local host. But I am 
facing another issue: I cannot send any packets with the same socket which I 
received the packets from.

I checked the codes thoroughly again and found that udp_input() changes the 
destination IP address and destination port with forward rule and calls 
in_pcblookup_hash() function with forward destination IP and port while in 
Freebsd6, the destination IP and port on mbuf are not modified and 
in_pcblookup_hash() is called with the original desitnation IP and port.
I am not very familiar with the Kernel codes so I don't know if this difference 
is the reason why that application cannot send response through the forwarded 
UDP sockets.
Does anyone have any idea on how to debug it or even to solve it?

Thank you very much for your help in advance,

Ben Choi

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[email protected]"

Reply via email to