Diverting sockets and streams
Julian Elischer
julian at elischer.org
Thu Nov 5 08:56:26 UTC 2009
Jakub Bednar wrote:
> Hi Julian,
>
> thanks for making this clear to me.
>
>>
>>>
>>> so basically I have to implement part of the TCP stack in my app.
>>
>> yes,
>> though there may be other ways to do what you want..
>> what DO you want to do?
>>
>
> I need to make a transparent proxy e.g. HTTP proxy, that will be able to
> scan the data stream for some security problems (exploits or whatever).
>
> I had a solution based on packet forwarding and packet UID matching
> rather than divert sockets. This solution works fine on FreeBSD, Linux
> and Mac OS X Leopard. However, in the new Mac OS X Snow Leopard,
> forwarding outgoing packets to local port does not work. So I'm looking
> for another solution.
sounds like they broke it..
maybe they inherited a change from FreeBSD that was reverted out but
existed for one release, that broke exactly that :-)
ipfw fwd
along with fwd uid
is the way to do this on FreeBSD but snow leopard IS a problem.
doing it with divert is going to be a real pain.
you can also do this with nat in some cases I think..
>
> Jakub