tech-net archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: update pf
In article <28ffe0cb-df5d-d5ce-f2ad-eada4c07a14e%egervary.hu@localhost>,
Egerváry Gergely <gergely%egervary.hu@localhost> wrote:
>>> NPF is missing TPROXY / divert sockets functionality.
>>
>> Can't you use map for those?
>
>Squid transparent/intercept proxy needs to know the original
>destination address. With map (DNAT) it's only possible doing
>an IOCTL lookup on the NAT table.
>
> IPFilter: SIOCGNATL
> PF: DIOCNATLOOK
>
>Unfortunately, it's not implemented in NPF yet.
That should be simple to add. I wish I had some spare cycles to do it.
christos
Home |
Main Index |
Thread Index |
Old Index