C ++ iptables重定向形成单独的数据包 [英] C++ iptables redirection forming separate packets

问题描述

我有来自端口50的所有流量重定向到5050使用

  iptables -t nat -A POSTROUTING -p udp  - dport 50 -j REDIRECT --to-port 5050 
  

我使用5050上的RAW Socket我看到从0.0.0.0:50到0.0.0.0:5050的IP数据包。
原始目标地址显然不存在，因为这似乎是从端口50到端口5050的单独重定向数据包。

如果原始数据包去abcd：50，我该如何得到那个ip地址？

我非常感谢您的帮助。

我想知道邮件应该发送到的目的地址，

PS：我不想使用libipq，因为某些原因，它没有工作，我希望不浪费更多的时间让它工作。

$ b $ Linux netfilter在< linux / linux下定义了一个名为 SO_ORIGINAL_DST 的套接字选项; netfilter_ipv4.h> 。

首先，您需要使用以下命令之一在系统中启用端口转发：

  sysctl net.ipv4.ip_forward = 1 
 echo 1> / proc / sys / net / ipv4 / ip_forward 
  

然后你可以使用：

  struct sockaddr_inaddr; 
 socklen_t addr_sz = sizeof（addr）; 
 getsockopt（fd，IPPROTO_IP，SO_ORIGINAL_DST，& addr，& addr_sz）; 
  

在任何Linux联机帮助页中找不到 SO_ORIGINAL_DST 。您可能有运气在netfilter站点上查找正式文档。

I have all traffic from port 50 redirected to 5050 using

iptables -t nat -A POSTROUTING -p udp --dport 50 -j REDIRECT --to-port 5050

I listen using a RAW Socket on 5050, and I see IP packets from 0.0.0.0:50 to 0.0.0.0:5050. The original destination address is obviously not present, since this seems to be a separate redirection packet from port 50 to port 5050.

If the original packet was supposed to go to a.b.c.d:50, how do I get that ip address? How can I figure out the destination address where the message was supposed to be sent to, so that I can forward it there?

I appreciate your help.

P.S.: I do not want to use libipq, since for some reason it didn't work and I wish not to waste more time getting it to work.

解决方案

Linux netfilter defines a socket option called SO_ORIGINAL_DST in <linux/netfilter_ipv4.h>.

First you need to enable port forwarding in your system, using one of these commands:

sysctl net.ipv4.ip_forward=1
echo 1 > /proc/sys/net/ipv4/ip_forward

Then you can use this:

struct sockaddr_in addr;
socklen_t addr_sz = sizeof(addr);
getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, &addr, &addr_sz);

I cannot find SO_ORIGINAL_DST in any Linux manpage. You may have luck finding formal documentation on the netfilter site.

这篇关于C ++ iptables重定向形成单独的数据包的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！