From owner-freebsd-ipfw@FreeBSD.ORG  Thu Nov  5 08:46:25 2009
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0A721106566C
	for <freebsd-ipfw@freebsd.org>; Thu,  5 Nov 2009 08:46:25 +0000 (UTC)
	(envelope-from jakub.bednar@avg.com)
Received: from ms.grisoft.cz (ms.avg.com [193.85.188.248])
	by mx1.freebsd.org (Postfix) with ESMTP id 87D6B8FC15
	for <freebsd-ipfw@freebsd.org>; Thu,  5 Nov 2009 08:46:24 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by ms.grisoft.cz (Postfix) with SMTP id 673FB5B00E9;
	Thu,  5 Nov 2009 09:46:23 +0100 (CET)
Received: from deimos.cz.avg.com (unknown [192.168.200.161])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by ms.grisoft.cz (Postfix) with ESMTP id 4E3DA5B0030;
	Thu,  5 Nov 2009 09:46:23 +0100 (CET)
Received: from [192.168.194.110] (192.168.194.110) by mail.cz.avg.com
	(192.168.200.162) with Microsoft SMTP Server (TLS) id 8.2.176.0;
	Thu, 5 Nov 2009 09:46:22 +0100
Message-ID: <AD265B12-EE7D-40FF-BE80-D41FF024DD51@avg.com>
From: Jakub Bednar <jakub.bednar@avg.com>
To: Julian Elischer <julian@elischer.org>
In-Reply-To: <4AF1BD8E.207@elischer.org>
MIME-Version: 1.0 (Apple Message framework v936)
Date: Thu, 5 Nov 2009 09:47:27 +0100
References: <1257352643.7731.8.camel@dell> <4AF1BD8E.207@elischer.org>
X-Mailer: Apple Mail (2.936)
Content-Type: text/plain; charset="US-ASCII"; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>
Subject: Re: Diverting sockets and streams
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Nov 2009 08:46:25 -0000

Hi Julian,

                   thanks for making this clear to me.

>
>>
>> so basically I have to implement part of the TCP stack in my app.
>
> yes,
> though there may be other ways to do what you want..
> what DO you want to do?
>

I need to make a transparent proxy e.g. HTTP proxy, that will be able  
to scan the data stream for some security problems (exploits or  
whatever).

I had a solution based on packet forwarding and packet UID matching  
rather then divert sockets. This solution works fine on FreeBSD, Linux  
and Mac OS X Leopard. Hovewer in the new Mac OS X Snow Leopard,  
forwarding outgoing packets to local port does not work. So I'm  
looking for another solution.

Jakub