| The idea of this 'mirror server' is to forward matching packets back to its origin, just for fun. |
| |
| The first version (raw) is implemented on a Debian GNU/Linux system; only TCP is supported in this version, packets sniffing and TCP reset reply is done by using raw sockets, forwarding using plain TCP sockets. The version probably dose only work with Linux, and very unreliable. |
| To correctly accept(2) incoming connections without being refused by the kernel (because kernel would send an ACK,RST on closed ports automatically), blocking outbound ACK,RST is necessary, but at same time allowing ACK,RST to be sent from mirror server would become a problem; to workaround this, ACK,RST packets sent from mirror server will having an empty TCP option; blocking ACK,RST from kernel using iptables(8) with 'iptables -A OUTPUT -p tcp --tcp-flags SYN,ACK,FIN,RST ACK,RST ! --tcp-option 1 -j DROP'. |
| |
| After learning ipfw(8) and the divert(4) socket on FreeBSD, I realized implementing a new mirror server with it will a lot easier (the raw socket version won't work on kFreeBSD anyways). Since this implementation only swaps source and destination addresses in IP header, mirror server no longer need to care about transport layer protocol. Packet matching is done by the firewall; more complex matching rules could be implemented without need to change mirror server. |
| For example to mirror TCP port 3000-10000, run following commands: |
| # ipfw add 10001 divert 233 tcp from any to me 3000-10000 in |
| # ipfw add 10001 divert 233 tcp from any 3000-10000 to me in |
| # mirror-server 233 |
| divert(4) socket is also available on OpenBSD via pf(4); mirror server should work, but I have not tested it. |