Contributed by sean on from the yet another feature dept.
Cedric Berger has checked in changes to the routing subsystem that allow packets to be routed based on their source address.
Cool stuff.
Here's the commit message:
CVSROOT: /cvs
Module name: src
Changes by: cedric@cvs.openbsd.org 2004/06/06 10:49:09
Modified files:
sys/conf : files
sys/net : pf.c route.c route.h rtsock.c
sys/netinet : in.h in_pcb.c ip_icmp.c ip_input.c ip_output.c ip_var.h
Added files:
sys/net : route_src.c
Log message:
extend routing table to be able to match and route packets based on
their *source* IP address in addition to their destination address.
routing table "destination" now contains a "struct sockaddr_rtin"
for IPv4 instead of a "struct sockaddr_in".
the routing socket has been extended in a backward-compatible way.
todo: PMTU enhancements, ok deraadt@ mcbride@
By Anonymous Coward (67.153.107.130) on
Comments
By Lennie (82.74.129.164) on
Well, they do now (in current only so, it's still months away from normal use), no worries, then. :-)
I wonder what other policy routing I might be missing out on when I'd go with OpenBSD, instead of my current Linux router.
I'm almost afraid Linux has better routing support, but OpenBSD is the better firewall.
Maybe that's how I'll handle it, then. Using the tool for the job.
BTW, does any1 know of an 'opensource' transparent HTTP-application-proxy?
So, you'd have a bridge and then pass packets for port 80 to the webserver through the HTTP-application-proxy, but the packets would still seem to come from the original IP, not the proxy.
I'm really interested in this as a solution to filter (with for example apache2/mod_security) scary things from hitting webservers.
Comments
By Brad (216.209.80.7) brad at comstyle dot com on
By nullogic (24.98.72.110) on
By Gernot (213.47.70.127) on