Hi there, Recently I tried to make a transparent web proxy on a machine that run in bridging mode. At last, I decided to make a patch. Here it is for those who want to do the same. One interface should be given an IP address so squid may do a requests. Squid listens on 127.0.0.1:8080. I am using pf firewall, with this redirection rule: rdr on $int proto tcp from any to any port 80 -> (lo0) port 8080
This is what the patch does:
static void ether_input()
{
...
if (packet_is_IP_packet && pf_enabled && mbuf_copy = copy_the_mbuf) {
strip_ethernet_headers;
run_the_firewall;
if (packet_redirected_to_127.0.0.1)
bypass_the_bridge
free_the_mbuf_copy;
}
...
}
The patch is small, so I include it inline.
Tested on 5.4
if_ethersubr.c.patch
Description: Binary data
_______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
