Linux Ethernet Bridging - Dec 2008 - [Bridge] ethernet bridging and http header enrichment

Dear all,

I have following problem to solve:

1. Traffic should go thru my box transparently --- no changes
in IP or MAC addresses.

2. Part of that traffic, namely, some web traffic to particular
hosts, should be "enriched" by adding some headers to HTTP
requests. Size of original requests is guaranteed to be
small enough so that header insertion will not make them to grow
above max allowed ethernet frame size.

I know how to handle (1), and that's why I'm here. But I don't
have much ideas how to perform (2) in that context.

I was looking to write an 'ebtables' extension, but it seems
that it is impossible to alter the frame size using these (am
I wrong?). Using them together with some userland application
like Squid, from my opinion, would break my condition (1) (again,
am I so wrong??).

Could you please point me to some documentation or bring an idea
how that could be accomplished?

Thanks in advance,

-- 
   Ivan

On Tue, 02 Dec 2008 21:25:44 +0300
Ivan Chernyavsky <camposer at yandex.ru> wrote:
> Dear all,
> 
> I have following problem to solve:
> 
> 1. Traffic should go thru my box transparently --- no changes
> in IP or MAC addresses.
> 
> 2. Part of that traffic, namely, some web traffic to particular
> hosts, should be "enriched" by adding some headers to HTTP
> requests. Size of original requests is guaranteed to be
> small enough so that header insertion will not make them to grow
> above max allowed ethernet frame size.
> 
> I know how to handle (1), and that's why I'm here. But I don't
> have much ideas how to perform (2) in that context.
> 
> I was looking to write an 'ebtables' extension, but it seems
> that it is impossible to alter the frame size using these (am
> I wrong?). Using them together with some userland application
> like Squid, from my opinion, would break my condition (1) (again,
> am I so wrong??).
> 
> Could you please point me to some documentation or bring an idea
> how that could be accomplished?
> 
> Thanks in advance,
> 
Use iptables, and queue?

On 12/2/08, Ivan Chernyavsky <camposer at yandex.ru>
wrote:
> 2. Part of that traffic, namely, some web traffic to particular
> hosts, should be "enriched" by adding some headers to HTTP
> requests. Size of original requests is guaranteed to be
> small enough so that header insertion will not make them to grow
> above max allowed ethernet frame size.
Maybe this is what wou want:

http://www.balabit.com/support/community/products/tproxy/

Regards,
Jaime.

04.12.08, 19:39, "Jaime Medrano" <jaime.medrano at gmail.com>:
> Maybe this is what wou want:
> http://www.balabit.com/support/community/products/tproxy/
> Regards,
> Jaime.
Thanks! But I think the solution proposed by Stephen Hemminger several mails
above is more straightforward... I will evaluate it now.

-- 
   Ivan