Re: update pf

To: tech-net%netbsd.org@localhost
Subject: Re: update pf
From: christos%astron.com@localhost (Christos Zoulas)
Date: Tue, 6 Dec 2016 13:06:23 +0000 (UTC)

In article <28ffe0cb-df5d-d5ce-f2ad-eada4c07a14e%egervary.hu@localhost>,
EgervÃ¡ry Gergely  <gergely%egervary.hu@localhost> wrote:
>>> NPF is missing TPROXY / divert sockets functionality.
>>
>> Can't you use map for those?
>
>Squid transparent/intercept proxy needs to know the original
>destination address. With map (DNAT) it's only possible doing
>an IOCTL lookup on the NAT table.
>
>   IPFilter: SIOCGNATL
>   PF: DIOCNATLOOK
>
>Unfortunately, it's not implemented in NPF yet.

That should be simple to add. I wish I had some spare cycles to do it.

christos

References:
- update pf
  - From: Egerváry Gergely
- Re: update pf
  - From: Egerváry Gergely
- Re: update pf
  - From: Christos Zoulas
- Re: update pf
  - From: Egerváry Gergely

Prev by Date: Re: update pf
Next by Date: Unify bpf_mtap & if_ipackets++ on Rx
Previous by Thread: Re: update pf
Next by Thread: Re: update pf
Indexes:

Home | Main Index | Thread Index | Old Index