Date: Wed, 20 Apr 2005 08:22:13 +0000 From: Sergey Lyubka <valenok@gmail.com> To: freebsd-hackers@freebsd.org Subject: transparent squid proxy + bridge Message-ID: <72c3a95705042001227812f6e6@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
------=_Part_1250_18247984.1113985333807
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Hi there,
Recently I tried to make a transparent web proxy on a machine
that run in bridging mode. At last, I decided to make a patch.
Here it is for those who want to do the same.
One interface should be given an IP address so squid may do
a requests. Squid listens on 127.0.0.1:8080.
I am using pf firewall, with this redirection rule:
rdr on $int proto tcp from any to any port 80 -> (lo0) port 8080
This is what the patch does:
static void ether_input()
{
...
if (packet_is_IP_packet && pf_enabled && mbuf_copy =3D copy_the_mbuf) {
strip_ethernet_headers;
run_the_firewall;
if (packet_redirected_to_127.0.0.1)
bypass_the_bridge
free_the_mbuf_copy;
}
...
}
The patch is small, so I include it inline.
Tested on 5.4
------=_Part_1250_18247984.1113985333807
Content-Type: application/octet-stream; name="if_ethersubr.c.patch"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="if_ethersubr.c.patch"
LS0tIC91c3Ivc3JjL3N5cy9uZXQvaWZfZXRoZXJzdWJyLmMub3JpZwlUaHUgTWFyIDMxIDE0OjU4
OjM2IDIwMDUKKysrIC91c3Ivc3JjL3N5cy9uZXQvaWZfZXRoZXJzdWJyLmMJVHVlIEFwciAxOSAx
Mzo1MDowNSAyMDA1CkBAIC02Niw4ICs2NiwxMCBAQAogI2lmIGRlZmluZWQoSU5FVCkgfHwgZGVm
aW5lZChJTkVUNikKICNpbmNsdWRlIDxuZXRpbmV0L2luLmg+CiAjaW5jbHVkZSA8bmV0aW5ldC9p
bl92YXIuaD4KKyNpbmNsdWRlIDxuZXRpbmV0L2luX3N5c3RtLmg+CiAjaW5jbHVkZSA8bmV0aW5l
dC9pZl9ldGhlci5oPgogI2luY2x1ZGUgPG5ldGluZXQvaXBfZncuaD4KKyNpbmNsdWRlIDxuZXRp
bmV0L2lwLmg+CiAjaW5jbHVkZSA8bmV0aW5ldC9pcF9kdW1teW5ldC5oPgogI2VuZGlmCiAjaWZk
ZWYgSU5FVDYKQEAgLTQ4NSw2ICs0ODcsOCBAQAogfQogI2VuZGlmCiAKKyNpbmNsdWRlIDxuZXQv
cGZpbC5oPgorZXh0ZXJuIHN0cnVjdCBwZmlsX2hlYWQgaW5ldF9wZmlsX2hvb2s7CiAvKgogICog
UHJvY2VzcyBhIHJlY2VpdmVkIEV0aGVybmV0IHBhY2tldDsgdGhlIHBhY2tldCBpcyBpbiB0aGUK
ICAqIG1idWYgY2hhaW4gbSB3aXRoIHRoZSBldGhlcm5ldCBoZWFkZXIgYXQgdGhlIGZyb250LgpA
QCAtNDkzLDcgKzQ5Nyw5IEBACiBldGhlcl9pbnB1dChzdHJ1Y3QgaWZuZXQgKmlmcCwgc3RydWN0
IG1idWYgKm0pCiB7CiAJc3RydWN0IGV0aGVyX2hlYWRlciAqZWg7CisJc3RydWN0IG1idWYgKm0y
OwogCXVfc2hvcnQgZXR5cGU7CisJaW50IHRvbG9jYWwgPSAwOwogCiAJLyoKIAkgKiBEbyBjb25z
aXN0ZW5jeSBjaGVja3MgdG8gdmVyaWZ5IGFzc3VtcHRpb25zCkBAIC01NzYsOCArNTgyLDUwIEBA
CiAJCQlyZXR1cm47CiAJfQogCisjaWYgMQorCS8qKioqKioqKioqKioqKiogVUdMWSBIQUNLICEh
ICoqKioqKioqKioqKioqKioqKiovCisJaWYgKGV0eXBlID09IDB4ODAwICYmCisJICAgIGluZXRf
cGZpbF9ob29rLnBoX2J1c3lfY291bnQgIT0gLTEgJiYKKwkgICAgKG0yID0gbV9kdXAobSwgTV9E
T05UV0FJVCkpICE9IE5VTEwpIHsKKwkJc3RydWN0IGlwICppcDsKKwkJCisJCW1fYWRqKG0yLCBF
VEhFUl9IRFJfTEVOKTsJLyogcmVtb3ZlIGV0aGVyIGhkciAqLworCQlpcCA9IG10b2QobTIsIHN0
cnVjdCBpcCAqKTsKKworCQlpcC0+aXBfbGVuID0gbnRvaHMoaXAtPmlwX2xlbik7CisJCWlwLT5p
cF9vZmYgPSBudG9ocyhpcC0+aXBfb2ZmKTsJCQorCQkKKwkJaWYgKG0yLT5tX3BrdGhkci5sZW4g
PiBpcC0+aXBfbGVuKSB7CisJCQlpZiAobTItPm1fbGVuID09IG0yLT5tX3BrdGhkci5sZW4pIHsK
KwkJCQltMi0+bV9sZW4gPSBpcC0+aXBfbGVuOworCQkJCW0yLT5tX3BrdGhkci5sZW4gPSBpcC0+
aXBfbGVuOworCQkJfSBlbHNlCisJCQkJbV9hZGoobTIsIGlwLT5pcF9sZW4gLSBtMi0+bV9wa3Ro
ZHIubGVuKTsKKwkJfQorCQkKKwkJaWYgKHBmaWxfcnVuX2hvb2tzKCZpbmV0X3BmaWxfaG9vaywg
Jm0yLCBtMi0+bV9wa3RoZHIucmN2aWYsCisJCSAgICBQRklMX0lOLCBOVUxMKSAhPSAwKSB7CisJ
CQltX2ZyZWVtKG0pOworCQkJcmV0dXJuOworCQl9CisKKwkJaWYgKG0yID09IE5VTEwpCXsKKwkJ
CW1fZnJlZW0obSk7CisJCQlyZXR1cm47CisJCX0KKwkJCisJCWlwID0gbXRvZChtMiwgc3RydWN0
IGlwICopOworCQlpZiAoaXAtPmlwX2RzdC5zX2FkZHIgPT0gbnRvaGwoSU5BRERSX0xPT1BCQUNL
KSkKKwkJCXRvbG9jYWwgPSAxOworCisJCQorCQltX2ZyZWVtKG0yKTsKKwl9CisJLyoqKioqKioq
KioqKioqKiBFTkQgT0YgVUdMWSBIQUNLICoqKioqKioqKioqKioqKioqKiovCisjZW5kaWYKKwog
CS8qIENoZWNrIGZvciBicmlkZ2luZyBtb2RlICovCi0JaWYgKEJER19BQ1RJVkUoaWZwKSApIHsK
KwlpZiAoQkRHX0FDVElWRShpZnApICYmIHRvbG9jYWwgPT0gMCkgewogCQlzdHJ1Y3QgaWZuZXQg
KmJpZjsKIAogCQkvKgo=
------=_Part_1250_18247984.1113985333807--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?72c3a95705042001227812f6e6>