From: Bartosz Giza
To: "Max Laier"
Cc: freebsd-net@freebsd.org
Date: Fri, 29 Feb 2008 18:14:34 +0100
Subject: Re: redirecting connections based on probability
Message-Id: <200802291814.34559.gizmen@blurp.pl>
In-Reply-To: <55614.192.168.4.151.1204302487.squirrel@router.laiers.local>
List-Id: Networking and TCP/IP with FreeBSD

On Friday, 29 February 2008 17:28:07 you wrote:
> On Fri, 29.02.2008, 16:35, Bartosz Giza wrote:
> > Hi,
> >
> > I have to do such a thing like redirecting connections to port 80
> > based on probability. For example I need to redirect 10% of requests
> > to my web server and the other 90% of requests should go to the
> > original location.
> >
> > I know that pf has a probability feature but there is no probability
> > option for rdr rules. I have tried a couple of methods that could work
> > but they didn't :(
> >
> > The problem is that rdr rules work on incoming packets so I can't use
> > them directly because I don't want to redirect all packets to a
> > different location.
> >
> > Could somebody tell me if such a thing is possible in pf? If yes,
> > please point me to how that is possible.
>
> Say you want to share 1/3 -> IP_A and 2/3 -> IP_B (for the sake of
> brevity):
>
> rdr on $ext_if proto tcp from any to any port 80 \
>     -> { $IP_B, $IP_A, $IP_B } round-robin
>
> This also works with random pool selection. src-hash and bitmask are
> obviously another story. sticky-address might also skew the results, but
> could be a good idea nonetheless.

Hmm, the problem is that I need to redirect only some % of packages and
leave the others untouched (no rdr). But in this example I have to put
redirection addresses, but I don't know them.

Exactly what I need is to redirect some percentage of all web connections
to my www server, where there would be a page with some information for a
client. The rest of those connections would be passed without redirection.
So I need something like this:

rdr on $int_if inet proto tcp from someip to any port 80 probability 0.1 -> mywebserver

But the problem is that the rdr rule does not understand the probability
keyword. For now I don't have a clue how to do this with pf.

The other question is where I can use such a rule:

rdr on $int_if inet proto tcp from someip to any port 80 tagged key -> mywebsr

I can't really imagine how I can use the keyword tagged with an rdr rule.
What I know is that rdr is done on packets that come in to the iface and
it is done at the beginning. So I can't imagine a situation where I can
use such a construction.

--
Regards,
Bartosz Giza