PF's divert-to and divert-reply functionality.
    Pawel Jakub Dawidek 
    pjd at FreeBSD.org
       
    Mon Jun  1 11:08:53 UTC 2009
    
    
  
Hi there.
I ported PF changes to make IP_BINDANY option usable on FreeBSD.
I didn't port kernel changes from OpenBSD (except for extending this
functionality for RAW IP sockets), because we had most of the code in
place already used by ipfw forward code (IPFIREWALL_FORWARD option).
I still had to implement it for UDP, because IPFIREWALL_FORWARD option
changes address and port and I one to be able to find original
destination when using IP_RECVDSTADDR in conjunction with recvmsg(2).
The patch is here:
	http://people.freebsd.org/~pjd/patches/transparent_proxy.patch
I'm looking for reviewers and testers.
PS. IPv6 support is partially implemented (it isn't also for
    IPFIREWALL_FORWARD option).
-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd at FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20090601/f24f6322/attachment.pgp
    
    
More information about the freebsd-net
mailing list