From owner-freebsd-net@FreeBSD.ORG Mon Jun 1 11:08:53 2009 Return-Path: Delivered-To: freebsd-net@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 58EF9106568D; Mon, 1 Jun 2009 11:08:53 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (chello087206192061.chello.pl [87.206.192.61]) by mx1.freebsd.org (Postfix) with ESMTP id E57428FC0A; Mon, 1 Jun 2009 11:08:52 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id 9093845CDC; Mon, 1 Jun 2009 12:50:26 +0200 (CEST) Received: from localhost (pjd.wheel.pl [10.0.1.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id 9380045CA6; Mon, 1 Jun 2009 12:50:21 +0200 (CEST) Date: Mon, 1 Jun 2009 12:50:25 +0200 From: Pawel Jakub Dawidek To: freebsd-net@FreeBSD.org Message-ID: <20090601105024.GC1542@garage.freebsd.pl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="xo44VMWPx7vlQ2+2" Content-Disposition: inline User-Agent: Mutt/1.4.2.3i X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 8.0-CURRENT i386 X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-5.9 required=3.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.0.4 Cc: mlaier@FreeBSD.org Subject: PF's divert-to and divert-reply functionality. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jun 2009 11:08:53 -0000 --xo44VMWPx7vlQ2+2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi there. I ported PF changes to make IP_BINDANY option usable on FreeBSD. I didn't port kernel changes from OpenBSD (except for extending this functionality for RAW IP sockets), because we had most of the code in place already used by ipfw forward code (IPFIREWALL_FORWARD option). I still had to implement it for UDP, because IPFIREWALL_FORWARD option changes address and port and I one to be able to find original destination when using IP_RECVDSTADDR in conjunction with recvmsg(2). The patch is here: http://people.freebsd.org/~pjd/patches/transparent_proxy.patch I'm looking for reviewers and testers. PS. IPv6 support is partially implemented (it isn't also for IPFIREWALL_FORWARD option). --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --xo44VMWPx7vlQ2+2 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFKI7JwForvXbEpPzQRAgNjAJ47ZqGs6re8ozEc3fycqyuW49U61wCg1VyV AqfiTlv0ca6Ae8NST1OCSK0= =4dTH -----END PGP SIGNATURE----- --xo44VMWPx7vlQ2+2--