[maybe OT] IP/UDP/DNS packet manipulation question

Louis LeBlanc freebsd at keyslapper.org
Sat Feb 7 10:46:46 PST 2004

I know this might be a pretty technical question for this list, but
this is the one I'm subscribed to, so please bear with me.

I have a project that requires some creative network development.  I'm
to come up with a DNS based daemon that performs filtering and
forwarding of DNS request packets, but doesn't actually proxy them.
The platform is to be FreeBSD, otherwise I wouldn't bother anyone

That is to say it will accept DNS requests from local agents, filter
out IPv6 request packets, and forward IPv4 requests to our backend DNS
server in a way that the backend server will believe it has received
them directly from the local server and send the response directly
back to the local DNS agent, not the filter/forwarder.

As I understand things, this will mean rewriting the outgoing IP
header, UDP header (TCP support is not needed), so that they each
contain the address of the local agent as the sender IP, and leaving
the DNS header unchanged.  Or better yet, simply forwarding the entire
IP packet unchanged so that even the IP identification field is

The DNS header is easy enough, since that's in the application layer,
but I'm having trouble finding out how to rewrite the transport and
network layer headers, or to simply forward the whole packet.

There is an excellent proxy in the ports, dnsproxy by Armin
Wolfermann, but this actually handles the responses itself, which I
want to avoid.

I've been through the Stevens books, and no hint on how to do any of
this.  I thought I could simply bind the socket to the address in
question, but according to the bind(2) manpage, that would return a

I've also been through the ports/dns/ and ports/net/ ports, and it
doesn't look like there's anything to perform IP/UDP forwarding.

Can anyone shed some light here, or maybe tell me where I can find the
relevant info to help with this?  Is rewriting these headers even
necessary if the DNS packet can be sent unaltered?  Is multilayer
source address comparison a standard security check?


Louis LeBlanc               leblanc at keyslapper.org
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://www.keyslapper.org                     Ô¿Ô¬

hacker, n.:
  A master byter.
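Added example (not from the post above and not from dnsproxy or any ports tree code): the filtering half of the design, parsing the DNS header and first question of a UDP payload to decide whether a query asks for an AAAA (IPv6) record and is dropped, or something else and is passed on. It assumes the daemon already holds the raw DNS payload; the example.com query bytes are constructed for the demonstration, and IP/UDP header handling is out of scope.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* QTYPE values from RFC 1035 (A) and RFC 3596 (AAAA). */
#define QTYPE_A    1
#define QTYPE_AAAA 28

enum verdict { DROP_MALFORMED = -1, DROP_AAAA = 0, FORWARD = 1 };

/* Return the QTYPE of the first question in a DNS query, or -1 if the
 * packet is not a well-formed query (truncated, QR bit set, bad label). */
int dns_first_qtype(const uint8_t *pkt, size_t len)
{
    if (len < 12) return -1;                        /* fixed 12-byte header */
    if (pkt[2] & 0x80) return -1;                   /* QR=1: a response, not a query */
    if (((pkt[4] << 8) | pkt[5]) == 0) return -1;   /* QDCOUNT must be >= 1 */
    size_t i = 12;
    for (;;) {                                      /* walk QNAME labels to the root */
        if (i >= len) return -1;
        uint8_t l = pkt[i++];
        if (l == 0) break;
        if (l > 63 || i + l > len) return -1;       /* also rejects 0xC0 compression pointers */
        i += l;
    }
    if (i + 4 > len) return -1;                     /* QTYPE and QCLASS must follow */
    return (pkt[i] << 8) | pkt[i + 1];
}

/* Filter policy from the post: drop AAAA (IPv6) queries, pass everything else on. */
enum verdict filter_query(const uint8_t *pkt, size_t len)
{
    int qt = dns_first_qtype(pkt, len);
    if (qt < 0) return DROP_MALFORMED;
    return qt == QTYPE_AAAA ? DROP_AAAA : FORWARD;
}

/* Constructed sample input: a recursive query for example.com of the given type. */
size_t build_query(uint8_t *buf, uint16_t qtype)
{
    static const uint8_t q[] = { 0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0,
                                 7, 'e','x','a','m','p','l','e', 3, 'c','o','m', 0 };
    memcpy(buf, q, sizeof q);
    buf[sizeof q] = qtype >> 8;  buf[sizeof q + 1] = qtype & 0xff;
    buf[sizeof q + 2] = 0;       buf[sizeof q + 3] = 1;       /* QCLASS IN */
    return sizeof q + 4;
}

/* Convenience: build a query of the given type and run it through the filter. */
enum verdict verdict_for(uint16_t qtype)
{
    uint8_t buf[64];
    return filter_query(buf, build_query(buf, qtype));
}
```

Malformed and truncated payloads are dropped rather than forwarded, so a backend never sees a question the filter could not parse.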
