[Bridge] ethernet bridging and http header enrichment

[Bridge] ethernet bridging and http header enrichment

[Ivan Chernyavsky]

Dear all,

I have following problem to solve:

1. Traffic should go thru my box transparently --- no changes
in IP or MAC addresses.

2. Part of that traffic, namely, some web traffic to particular
hosts, should be "enriched" by adding some headers to HTTP
requests. Size of original requests is guaranteed to be
small enough so that header insertion will not make them to grow
above max allowed ethernet frame size.

I know how to handle (1), and that's why I'm here. But I don't
have much ideas how to perform (2) in that context.

I was looking to write an 'ebtables' extension, but it seems
that it is impossible to alter the frame size using these (am
I wrong?). Using them together with some userland application
like Squid, from my opinion, would break my condition (1) (again,
am I so wrong??).

Could you please point me to some documentation or bring an idea
how that could be accomplished?

Thanks in advance,

-- 
   Ivan

Re: [Bridge] ethernet bridging and http header enrichment

[Stephen Hemminger]

On Tue, 02 Dec 2008 21:25:44 +0300
Ivan Chernyavsky <camposer@yandex.ru> wrote:

> Dear all,
> 
> I have following problem to solve:
> 
> 1. Traffic should go thru my box transparently --- no changes
> in IP or MAC addresses.
> 
> 2. Part of that traffic, namely, some web traffic to particular
> hosts, should be "enriched" by adding some headers to HTTP
> requests. Size of original requests is guaranteed to be
> small enough so that header insertion will not make them to grow
> above max allowed ethernet frame size.
> 
> I know how to handle (1), and that's why I'm here. But I don't
> have much ideas how to perform (2) in that context.
> 
> I was looking to write an 'ebtables' extension, but it seems
> that it is impossible to alter the frame size using these (am
> I wrong?). Using them together with some userland application
> like Squid, from my opinion, would break my condition (1) (again,
> am I so wrong??).
> 
> Could you please point me to some documentation or bring an idea
> how that could be accomplished?
> 
> Thanks in advance,
> 

Use iptables, and queue?

Re: [Bridge] ethernet bridging and http header enrichment

[Jaime Medrano]

On 12/2/08, Ivan Chernyavsky <camposer@yandex.ru> wrote:
> 2. Part of that traffic, namely, some web traffic to particular
> hosts, should be "enriched" by adding some headers to HTTP
> requests. Size of original requests is guaranteed to be
> small enough so that header insertion will not make them to grow
> above max allowed ethernet frame size.

Maybe this is what wou want:

http://www.balabit.com/support/community/products/tproxy/

Regards,
Jaime.

Re: [Bridge] ethernet bridging and http header enrichment

[Ivan Chernyavsky]

03.12.08, 22:30, "Stephen Hemminger" <shemminger@vyatta.com>:


> Use iptables, and queue?

Silly me. Thanks! Seems that's what I need. I will prepare a prototype 
application and test... 

-- 
   Ivan

Re: [Bridge] ethernet bridging and http header enrichment

[Ivan Chernyavsky]

04.12.08, 19:39, "Jaime Medrano" <jaime.medrano@gmail.com>:

> Maybe this is what wou want:
> http://www.balabit.com/support/community/products/tproxy/
> Regards,
> Jaime.

Thanks! But I think the solution proposed by Stephen Hemminger several mails
above is more straightforward... I will evaluate it now.

-- 
   Ivan