redirecting connections based on probability
Bartosz Giza
gizmen at blurp.pl
Fri Feb 29 17:14:36 UTC 2008
On Friday, 29 February 2008 17:28:07 you wrote:
> On Fri, 29.02.2008, 16:35, Bartosz Giza wrote:
> > Hi,
> >
> > I have to do such a thing like redirecting connections to port 80 based
> > on probability. For example I need to redirect 10% of requests to my web
> > server and the other 90% of requests should go to the original location.
> >
> > I know that pf has a probability feature but there is no probability
> > option for rdr rules. I have tried a couple of methods that could work
> > but they didn't :(
> >
> > The problem is that rdr rules work on incoming packets so I can't use
> > them directly because I don't want to redirect all packets to a
> > different location.
> >
> > Could somebody tell me whether such a thing is possible in pf? If yes,
> > please point me to how that is possible.
>
> Say you want to share 1/3 -> IP_A and 2/3 -> IP_B (for the sake of
> brevity):
>
> rdr on $ext_if proto tcp from any to any port 80 \
> -> { $IP_B, $IP_A, $IP_B } round-robin
>
> This also works with random pool selection. src-hash and bitmask are
> obviously another story. sticky-address might also skew the results, but
> could be a good idea nonetheless.

Hmm, the problem is that I need to redirect only some % of packages and leave
the others untouched (no rdr). But in this example I have to put redirection
addresses, and I don't know them.

Exactly what I need is to redirect some percentage of all web connections to
my www server, where there would be a page with some information for a client.
The rest of those connections would be passed without redirection. So I need
something like this:

rdr on $int_if inet proto tcp from someip to any port 80 probability 0.1 -> mywebserver

But the problem is that the rdr rule does not understand the probability
keyword. For now I don't have a clue how to do this with pf.

Another question is where I can use such a rule:

rdr on $int_if inet proto tcp from someip to any port 80 tagged key -> mywebsr

I can't really imagine how I can use the keyword tagged with an rdr rule. From
what I know, rdr is done on packets that come in to the iface and it is done at
the beginning. So I can't imagine a situation where I can use such a
construction.

--
Regards
Bartosz Giza
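
The weighted pool from the quoted reply, as an added example that is not part of the original thread: a simplified Python model of round-robin selection over `{ $IP_B, $IP_A, $IP_B }`, showing the 1/3 : 2/3 split per connection and how sticky-address can skew it when one source opens most of the connections. The traffic mix, function names and the sticky model (a source keeps its first target for the whole run) are assumptions made for illustration, not pf's implementation.

```python
from collections import Counter
from itertools import cycle

# Pool order taken from the quoted rule: -> { $IP_B, $IP_A, $IP_B } round-robin
POOL = ["IP_B", "IP_A", "IP_B"]


def distribute(connections, pool=POOL, sticky=False):
    """Assign each new connection to a pool member in round-robin order.

    connections: source addresses, one entry per new connection.
    sticky=True models sticky-address: a source that was already mapped
    keeps its first target and does not advance the round-robin pointer.
    Returns a Counter of connections per target.
    """
    rr = cycle(pool)
    mapping = {}
    hits = Counter()
    for src in connections:
        if sticky and src in mapping:
            target = mapping[src]
        else:
            target = next(rr)
            if sticky:
                mapping[src] = target
        hits[target] += 1
    return hits


def share(hits, target):
    """Fraction of all connections that landed on target."""
    return hits[target] / sum(hits.values())


def sample_traffic():
    """Constructed input: one heavy source (90 connections) and nine
    light sources (1 connection each), 99 connections in total."""
    light = [f"c{i}" for i in range(9)]
    return ["heavy"] + light + ["heavy"] * 89


if __name__ == "__main__":
    traffic = sample_traffic()
    for sticky in (False, True):
        hits = distribute(traffic, sticky=sticky)
        print(f"sticky={sticky}: {dict(hits)} IP_A share={share(hits, 'IP_A'):.3f}")
```

Without the sticky model the split is per connection; with it the split is per source, so the share seen by each address depends on how unevenly sources generate connections.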
More information about the freebsd-net mailing list