Date:      Thu, 4 Jun 1998 15:13:43 -0500 (CDT)
From:      Guy Helmer <ghelmer@scl.ameslab.gov>
To:        Julian Elischer <julian@whistle.com>
Cc:        hackers@FreeBSD.ORG, net@FreeBSD.ORG
Subject:   Re: Transparent packet diversion: Where is it?
Message-ID:  <Pine.SGI.3.96.980604151126.719K-100000@demios.scl.ameslab.gov>
In-Reply-To: <3576DE84.ED153D95@adinet.com.uy>

On Thu, 4 Jun 1998, Angelo Nardone wrote:

> Julian Elischer wrote:
> 
> > A month or so ago, someone announced a package that
> > did redirection of packets to arbitrary places.
> >
> > I remember the comment
> > "it's weird seeing all those foreign addresses in the netstat listing".

Perhaps this was what you were looking for:

Date: Thu, 30 Apr 1998 21:06:04 +0100
From: Chrisy Luke <chrisy@flix.net>
To: freebsd-hackers@FreeBSD.ORG
Subject: Beta 3 release of Multipath routing and friends.

ftp://ftp.flirble.org/pub/unix/hacks/FreeBSD/mpath.b3.tgz

README attached.

A few fixes to the Multipath code. The metric stuff and the persistent
route caching will come in b4.

This code mostly adds support to the ipfw interface and code to support
two things, which are based on the same thing:

 * Directing INCOMING traffic that match rules to a LOCAL TCP port.
   This is intended for transparent proxying without external calls
   to an LKM, it also doesn't touch the packet, so getsockname() works
   so there's also no need for a subsequent IOCTL to work out what the
   original destination/port was.
   It's freaky seeing random remote IPs listed as "Local addresses"
   in netstat! BSD-router-speed transparent diversion... :-)

 * Modifying the next-hop address of OUTBOUND traffic that matches the
   rule. My intention for this is to direct web traffic from a core
   router to a transparent proxy. David Sharnoff also wanted something
   similar, and the functionality of this thus extends to doing a route
   table lookup on the specified next-hop and using the route to it,
   meaning the next-hop doesn't need to be on a directly reachable
   interface. Remember though, this code only forwards to a directly
   reachable machine! It doesn't deliver it to the specified next-hop!
   TCP port numbers are ignored if this rule comes into effect.

The rule-based forwarding mechanism is independent of the Multipath
stuff, but does have multipath code in it if multipath is compiled in.

Currently on rule-based forwarding there's a double-route-table penalty
on the outbound traffic. I'll probably address this in b4 also.

Chris.
-- 
== chris@easynet.net, chrisy@flix.net, chrisy@flirble.org.
== Head of Systems for Easynet Group PLC.
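
The README's first point, that a diverted connection arrives untouched so getsockname() reports the original destination, shown from the proxy's side. This is an added example, not part of the original message or of the mpath package; `classify`, `ALLOWED_PORTS` and `own_addrs` are hypothetical names, and the port allow-list and loop check are assumptions about how a proxy would use that address.

```python
import socket

ALLOWED_PORTS = {80}  # assumption: this proxy only relays plain HTTP


def original_destination(conn):
    """Return (host, port) the client dialled.

    With packets diverted unmodified, the accepted socket's local name is the
    original destination, so getsockname() is all that is needed.
    """
    host, port = conn.getsockname()[:2]
    return host, port


def classify(conn, listen_port, own_addrs):
    """Decide what to do with an accepted connection.

    'direct'  - client addressed the proxy itself; forwarding would loop.
    'refuse'  - diverted, but to a port the proxy is not meant to relay.
    'forward' - diverted and allowed; dest is where to connect upstream.
    """
    dest = original_destination(conn)
    if dest[0] in own_addrs and dest[1] == listen_port:
        return "direct", dest
    if dest[1] not in ALLOWED_PORTS:
        return "refuse", dest
    return "forward", dest


def demo_loopback():
    """Accept one undiverted loopback connection and classify it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", port)) as _client:
            conn, _peer = srv.accept()
            with conn:
                return classify(conn, port, {"127.0.0.1"}), port


if __name__ == "__main__":
    print(demo_loopback())
```

Because the destination is whatever the client dialled, the proxy treats it as untrusted input: it is checked against the allow-list and against the proxy's own listening address before any upstream connection is made.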
