Date:      Thu, 5 Nov 2009 09:47:27 +0100
From:      Jakub Bednar <jakub.bednar@avg.com>
To:        Julian Elischer <julian@elischer.org>
Cc:        "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>
Subject:   Re: Diverting sockets and streams
Message-ID:  <AD265B12-EE7D-40FF-BE80-D41FF024DD51@avg.com>
In-Reply-To: <4AF1BD8E.207@elischer.org>
References:  <1257352643.7731.8.camel@dell> <4AF1BD8E.207@elischer.org>

Hi Julian,

thanks for making this clear to me.

>
>>
>> so basically I have to implement part of the TCP stack in my app.
>
> yes,
> though there may be other ways to do what you want..
> what DO you want to do?
>

I need to make a transparent proxy, e.g. an HTTP proxy, that will be able
to scan the data stream for some security problems (exploits or
whatever).

I had a solution based on packet forwarding and packet UID matching
rather than divert sockets. This solution works fine on FreeBSD, Linux
and Mac OS X Leopard. However, in the new Mac OS X Snow Leopard,
forwarding outgoing packets to a local port does not work. So I'm
looking for another solution.

Jakub


