tags:

views:

71

answers:

1
+1  Q: 

C++ iptables redirection forming separate packets

I have all traffic from port 50 redirected to 5050 using 

iptables -t nat -A POSTROUTING -p udp --dport 50 -j REDIRECT --to-port 5050

I listen using a RAW Socket on 5050, and I see IP packets from 0.0.0.0:50 to 0.0.0.0:5050. The original destination address is obviously not present, since this seems to be a separate redirection packet from port 50 to port 5050.

If the original packet was supposed to go to a.b.c.d:50, how do I get that ip address? How can I figure out the destination address where the message was supposed to be sent to, so that I can forward it there?

I appreciate your help.

P.S.: I do not want to use libipq, since for some reason it didn't work and I wish not to waste more time getting it to work.

+3  A: 

Linux netfilter defines a socket option called SO_ORIGINAL_DST in <linux/netfilter_ipv4.h>.

First you need to enable port forwarding in your system, using one of these commands:

sysctl net.ipv4.ip_forward=1
echo 1 > /proc/sys/net/ipv4/ip_forward

Then you can use this:

struct sockaddr_in addr;
socklen_t addr_sz = sizeof(addr);
getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, &addr, &addr_sz);

I cannot find SO_ORIGINAL_DST in any Linux manpage. You may have luck finding formal documentation on the netfilter site.

camh  2010-10-16 23:38:09
Thanks for replying. No it doesn't work either. It gives my_ip_address:0 . Can we get this done any other way?
SkypeMeSM  2010-10-17 02:25:08
@SkypeMeSM: `SO_ORIGINAL_DST` requires you to enable port forwarding. It should fix your problem.
jweyrich  2010-10-17 04:00:38
@jweyrich: Thank you for replying. I have done it. system("sysctl net.ipv4.ip_forward=1");addr_len = sizeof(struct sockaddr);getsockopt(sip_socket, IPPROTO_IP_IP, SO_ORIGINAL_DST, cout << inet_ntoa(sender_addr.sin_addr) << ":" << ntohs(sender_addr.sin_port) << endl;
SkypeMeSM  2010-10-17 04:30:06
Sorry about that unaligned code in the comment. Basically I am setting the options properly. When a packet is received from a.b.c.d:50 to my_ip:50, it is redirected as a separate packet from my_ip:50 to my_ip:5050. Using SO_ORIGINAL_DST gives me my_ip:0, while I need a.b.c.d:50.
SkypeMeSM  2010-10-17 04:32:35
@SkypeMeSM: try passing `SOL_IP` instead of `IPPROTO_IP`.
jweyrich  2010-10-17 05:18:20
did that earlier.. same result...
SkypeMeSM  2010-10-17 06:04:14
@SkypeMeSM: another important thing is that you must use PREROUTING instead of POSTROUTING because destination NAT only works before routing.
jweyrich  2010-10-17 06:32:51
@jweyrich: I am using PREROUTING to forward the incoming packets and POSTROUTING to forward the outgoing packets to the new port 5050. Is that the correct thing to do?
SkypeMeSM  2010-10-17 07:19:07
@SkypeMeSM: want to discuss it in the Networking chat room?
jweyrich  2010-10-17 07:40:13
If I'm wrong, I hope someone correct me. I think this solution doesn't work for connectionless sockets because it's part of the conntrack module. See our conversation here: http://chat.stackoverflow.com/transcript/message/10324#10324
jweyrich  2010-10-17 08:53:17
@SkypeMeSM: just found a project that might interest you. Read this specific topic: http://zorp-unoff.sourceforge.net/faq-4.html#ss4.5
jweyrich  2010-10-17 10:40:58
@jweyrich: Thanks for the link. 'tproxy' seems to be an iptable patch, which requires that after installation, the linux kernel must be compiled again. This is not very feasible for my application, unfortunately.
SkypeMeSM  2010-10-18 02:19:15
Can we use ip routes or a tunnel interface in some way??
SkypeMeSM  2010-10-18 02:36:50

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS