From: Martin Matuska
Date: Thu, 27 May 2010 17:09:48 +0200
To: freebsd-net@freebsd.org
Subject: Base import proposal: relayd
Message-ID: <4BFE8B3C.1060904@FreeBSD.org>

I would like to open a discussion about the possibility of importing relayd(8) and its management tool relayctl(8) from OpenBSD for import to our base system.

Relayd is a level 3 and level 7 reverse proxy (with transparency support) and a load-balancer. It makes use of pf(4)'s advanced features and would be a great tool for FreeBSD-based firewalls. We could provide an out-of-the-box load-balancing solution with service availability checking. This is indeed very useful when FreeBSD is used as a (load-balancing) firewall. In addition, the code is quite small and easy to integrate.

The import is based on a CVS snapshot from OpenBSD as of Aug 13, 2009 (4.6). That was just right before importing new pf changes that make it incompatible with our current pf(4). After our pf(4) gets upgraded we can move to a newer relayd(8). It includes several backported patches from OpenBSD 4.7 and OpenBSD HEAD. The carp and snmp functionality is disabled (for now) because of OpenBSD-specific code. Required libevent is used statically from contrib/pf and gets built only once as of usr.sbin/ftp-proxy.

A working (and more or less complete) patch against HEAD and 8-STABLE can be downloaded from here:
http://people.freebsd.org/~mm/patches/relayd/head-relayd.patch
http://people.freebsd.org/~mm/patches/relayd/stable-8-relayd.patch

The patch is based on this snapshot:
http://people.freebsd.org/~mm/distfiles/relayd-4.6.20090813.tar.gz

And includes backported patches from my PR ports/147122 - it can be tested as a port as well:
http://www.freebsd.org/cgi/query-pr.cgi?pr=147122

The port patches from Jun Kuriyama (kuriyama@FreeBSD.org) were used as a base point. As an alternative I would like to maintain the port; I am already trying to get in touch with Jun.

Comments, suggestions and opinions are welcome.