C++ iptables redirection forming separate packets

2019-02-15 17:51发布

问题:

I have all traffic from port 50 redirected to 5050 using

iptables -t nat -A POSTROUTING -p udp --dport 50 -j REDIRECT --to-port 5050

I listen using a RAW Socket on 5050, and I see IP packets from 0.0.0.0:50 to 0.0.0.0:5050. The original destination address is obviously not present, since this seems to be a separate redirection packet from port 50 to port 5050.

If the original packet was supposed to go to a.b.c.d:50, how do I get that ip address? How can I figure out the destination address where the message was supposed to be sent to, so that I can forward it there?

I appreciate your help.

P.S.: I do not want to use libipq, since for some reason it didn't work and I wish not to waste more time getting it to work.

回答1:

Linux netfilter defines a socket option called SO_ORIGINAL_DST in <linux/netfilter_ipv4.h>.

First you need to enable port forwarding in your system, using one of these commands:

sysctl net.ipv4.ip_forward=1
echo 1 > /proc/sys/net/ipv4/ip_forward

Then you can use this:

struct sockaddr_in addr;
socklen_t addr_sz = sizeof(addr);
getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, &addr, &addr_sz);

I cannot find SO_ORIGINAL_DST in any Linux manpage. You may have luck finding formal documentation on the netfilter site.