G'day all,

I've finally gotten around to pulling apart some of Julian Elischer's work on the source IP address spoofing stuff and I've been testing it on my local squid-2 fork (cacheboy.) I'd appreciate some comments and review before I begin committing bits of it to freebsd-current.

The work will be available here, including a brief description of what is going on:

http://people.freebsd.org/~adrian/sys/spoof_bind/

I'd first like to commit the core changes which introduce a new compile option, sysctl and IP option to enable a non-local IP address in bind(). That in itself is enough to at least begin testing under -current and releng_7.

The diff against -current for this first phase is available here:

http://people.freebsd.org/~adrian/sys/spoof_bind/spoof_bind_sys.diff

I'm currently running just this patch on a machine in the netperf cluster which is acting as a transparent HTTP interception thing. It seems to handle "moderate" request rates (~1500 socket creations a second, ~150mbit).

This first patch is pretty straightforward and I'm reasonably confident that it won't break anything in -current or releng_7 which isn't already broken.

There are other changes to IPFW and the bridging code which I'll ask to be reviewed separately.

Thanks!

Adrian