VIP15: Specifying source address for outgoing sockets
Make it possible to specify a source address for outgoing TCP connections (backends, -M).
Traffic engineering.
This is the hard bit. Ideally the IETF would have paid more attention to how one specifies network addresses, but as the long list of RFCs on how to write IPv6 addresses documents, they are morons.
The best proposal I can come up with is something like:
IP [PORT] '/' IP [PORT]
The trivial way to implement this would be to double the size of struct suckaddr which has merits as it could then be used to have all the info about a TCP connection, but it is a major API breakage fest.
A less intrusive way is to special-case it for -M and backend definitions, which "only" breaks that backend API for VMODS.
Instead of the / delimiter, which may conflict with CIDR notation on the right hand side or simply violate POLA, I suggest using the pipe symbol. You can read it as "connect to the destination through this source address":
IP [PORT] ['|' CIDR]
Please note the lack of a port on the right hand side; we should probably not mess with ephemeral ports when we establish connections.
This could result in the following backend definition:
backend be {
    .host = "1.2.3.4 80 | 5.6.7.0/24";
}
What if my destination is dual? We may use a comma delimiter too:
backend dual {
    .host = "dual.example.com 80 | 5.6.7.0/24, 1234::/120";
}
We could also consider having up to two IP literals on the left hand side:
backend loopback {
    .host = "127.0.0.1, ::1";
}
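As an added illustration, not code from the Varnish project or from this proposal, here is a small Python parser for the suggested `HOST [PORT] ['|' CIDR, ...]` notation, with a helper that picks the source range matching the address family of an already resolved destination. The names `parse_endpoint` and `pick_source` are hypothetical, and the rule of at most one source range per address family is an assumption of the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass
class Endpoint:
    host: str                      # destination host name or IP literal, left unresolved
    port: Optional[int]            # optional destination port
    sources: list = field(default_factory=list)  # source ranges, at most one per family (assumed)


def parse_endpoint(spec: str) -> Endpoint:
    """Parse 'HOST [PORT] ['|' CIDR[, CIDR...]]' (the proposed, hypothetical syntax)."""
    left, bar, right = spec.partition("|")
    words = left.split()
    if not 1 <= len(words) <= 2:
        raise ValueError(f"left of '|' must be 'HOST [PORT]': {spec!r}")
    host, port = words[0], None
    if len(words) == 2:
        port = int(words[1])
        if not 0 < port < 65536:
            raise ValueError(f"bad destination port {port}")
    sources: list = []
    if bar:
        for item in right.split(","):
            item = item.strip()
            # Only a bare CIDR is allowed on the right: no port, hence no whitespace in an item.
            if not item or " " in item or "/" not in item:
                raise ValueError(f"source must be a bare CIDR, got {item!r}")
            net = ipaddress.ip_network(item, strict=True)  # strict: host bits must be zero
            if any(n.version == net.version for n in sources):
                raise ValueError(f"duplicate IPv{net.version} source range {item!r}")
            sources.append(net)
    return Endpoint(host, port, sources)


def pick_source(ep: Endpoint, dest_ip: str) -> Optional[Network]:
    """Return the source range whose family matches the resolved destination address."""
    dest = ipaddress.ip_address(dest_ip)
    for net in ep.sources:
        if net.version == dest.version:
            return net
    return None
```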
Not just for source addresses.
Regarding API considerations, I think suckaddr should not be concerned with source addresses, and endpoints that need to track both destinations and sources should have suckaddrs for both. We probably want a separate function for this source address use case:
int
VTCP_connect_from(const struct suckaddr *dest, const struct suckaddr *src, int msec);