From owner-freebsd-ipfw@FreeBSD.ORG Thu Nov 5 08:46:25 2009
Return-Path:
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0A721106566C for ; Thu, 5 Nov 2009 08:46:25 +0000 (UTC) (envelope-from jakub.bednar@avg.com)
Received: from ms.grisoft.cz (ms.avg.com [193.85.188.248]) by mx1.freebsd.org (Postfix) with ESMTP id 87D6B8FC15 for ; Thu, 5 Nov 2009 08:46:24 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by ms.grisoft.cz (Postfix) with SMTP id 673FB5B00E9; Thu, 5 Nov 2009 09:46:23 +0100 (CET)
Received: from deimos.cz.avg.com (unknown [192.168.200.161]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ms.grisoft.cz (Postfix) with ESMTP id 4E3DA5B0030; Thu, 5 Nov 2009 09:46:23 +0100 (CET)
Received: from [192.168.194.110] (192.168.194.110) by mail.cz.avg.com (192.168.200.162) with Microsoft SMTP Server (TLS) id 8.2.176.0; Thu, 5 Nov 2009 09:46:22 +0100
Message-ID:
From: Jakub Bednar
To: Julian Elischer
In-Reply-To: <4AF1BD8E.207@elischer.org>
MIME-Version: 1.0 (Apple Message framework v936)
Date: Thu, 5 Nov 2009 09:47:27 +0100
References: <1257352643.7731.8.camel@dell> <4AF1BD8E.207@elischer.org>
X-Mailer: Apple Mail (2.936)
Content-Type: text/plain; charset="US-ASCII"; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: "freebsd-ipfw@freebsd.org"
Subject: Re: Diverting sockets and streams
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 05 Nov 2009 08:46:25 -0000

Hi Julian,

thanks for making this clear to me.

>>> so basically I have to implement part of the TCP stack in my app.
>
> yes,
> though there may be other ways to do what you want..
> what DO you want to do?

I need to make a transparent proxy, e.g. an HTTP proxy, that will be able to scan the data stream for some security problems (exploits or whatever). I had a solution based on packet forwarding and packet UID matching rather than divert sockets. This solution works fine on FreeBSD, Linux and Mac OS X Leopard. However, in the new Mac OS X Snow Leopard, forwarding outgoing packets to a local port does not work. So I'm looking for another solution.

Jakub
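The point Julian makes above is that a divert socket hands the application individual IP packets, not a byte stream, so a scanner that wants to inspect "the data stream" has to reassemble TCP segments itself. The following is an added example, not code from this thread or from FreeBSD: a minimal in-order TCP reassembler (hypothetical names `reasm_init`, `reasm_feed`, `stream_contains`) that parks out-of-order segments, trims retransmitted or overlapping bytes, handles 32-bit sequence wrap, and then scans the contiguous stream. The constructed test data shows why per-packet matching is not enough: the pattern `World!!` is split across two segments and only appears after reassembly. Delivering packets to and reading them from the divert socket itself is left out; this is only the stream-building step that sits between the socket and the scanner.

```c
/* Added example: minimal TCP segment reassembly for a divert-socket
 * scanner. Not the thread's or FreeBSD's code; all names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PENDING 64      /* out-of-order segments we are willing to hold */
#define SEG_MAX     256     /* max payload per segment in this toy */
#define STREAM_MAX  4096    /* max reassembled bytes kept for scanning */

struct segment { uint32_t seq; size_t len; uint8_t data[SEG_MAX]; };

struct reassembler {
    uint32_t next_seq;            /* next sequence number we expect */
    uint8_t  stream[STREAM_MAX];  /* contiguous bytes delivered so far */
    size_t   stream_len;
    struct segment pending[MAX_PENDING];
    size_t   npending;
};

void reasm_init(struct reassembler *r, uint32_t isn) {
    memset(r, 0, sizeof *r);
    r->next_seq = isn;
}

/* Append [seq, seq+len) to the stream, dropping any prefix that was
 * already delivered (retransmission or partial overlap). Caller guarantees
 * seq is not ahead of next_seq in modular arithmetic. */
static void deliver(struct reassembler *r, uint32_t seq,
                    const uint8_t *data, size_t len) {
    uint32_t skip = r->next_seq - seq;   /* modular: bytes already seen */
    if (skip >= len) return;             /* pure duplicate, nothing new */
    data += skip; len -= skip;
    if (r->stream_len + len > STREAM_MAX) len = STREAM_MAX - r->stream_len;
    memcpy(r->stream + r->stream_len, data, len);
    r->stream_len += len;
    r->next_seq   += (uint32_t)len;
}

/* Feed one segment as seen on the wire. Returns how many bytes became
 * newly contiguous (0 when the segment was parked or was a duplicate). */
size_t reasm_feed(struct reassembler *r, uint32_t seq,
                  const uint8_t *data, size_t len) {
    size_t before = r->stream_len;
    if (len == 0 || len > SEG_MAX) return 0;
    if ((int32_t)(seq - r->next_seq) > 0) {      /* hole in front: park it */
        if (r->npending < MAX_PENDING) {
            struct segment *s = &r->pending[r->npending++];
            s->seq = seq; s->len = len; memcpy(s->data, data, len);
        }
        return 0;
    }
    deliver(r, seq, data, len);
    for (int progress = 1; progress; ) {          /* drain parked segments */
        progress = 0;
        for (size_t i = 0; i < r->npending; i++) {
            struct segment *s = &r->pending[i];
            if ((int32_t)(s->seq - r->next_seq) <= 0) {
                deliver(r, s->seq, s->data, s->len);
                r->pending[i] = r->pending[--r->npending];
                progress = 1;
                break;
            }
        }
    }
    return r->stream_len - before;
}

/* Scan the reassembled stream for a byte pattern. 1 if found, else 0. */
int stream_contains(const struct reassembler *r, const char *needle) {
    size_t n = strlen(needle);
    if (n == 0 || n > r->stream_len) return 0;
    for (size_t i = 0; i + n <= r->stream_len; i++)
        if (memcmp(r->stream + i, needle, n) == 0) return 1;
    return 0;
}

int main(void) {
    struct reassembler r;
    reasm_init(&r, 1000);                          /* constructed ISN */
    /* Constructed segments, arriving out of order, with one overlap. */
    reasm_feed(&r, 1005, (const uint8_t *)"World", 5);   /* parked */
    reasm_feed(&r, 1000, (const uint8_t *)"Hello", 5);   /* fills the hole */
    reasm_feed(&r, 1008, (const uint8_t *)"ld!!", 4);    /* "ld" is old */
    printf("stream: %.*s\n", (int)r.stream_len, r.stream);
    printf("pattern split across segments found: %d\n",
           stream_contains(&r, "World!!"));
    return 0;
}
```

A real proxy would keep one reassembler per direction per connection (keyed by the 4-tuple), seed `next_seq` from the SYN, and bound memory per flow, because an unbounded pending list is itself something a peer can exhaust; the parking cap here is the toy version of that limit.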