Announcing the first version of l4ip.

I have finished what I wanted to support in the first version of my program. It includes tcp and udp RDR rules, as well as health checks for udp, tcp and system style executables.

I went a little bit overboard with the script flexibility. You can run scripts as you please, and have IO from the script be sent to your testing connection should you want to do that. Not sure if that is all that useful, but I might as well support it.

SSL is there for those that want to test apache+SSL, as well as the "sticky" attribute with IP Filter.

As an example, if you wanted to test for DNS, you could connect with tcp on port 53, and stay connected. Or, use udp and send "localhost SOA?" with reply. Or, spawn "dig" to do the test for you and either use its return code, or an expect string back.

The biggest issue at the moment seems to be that of header files. My NetBSD machine comes with ip_fil.h, ip_nat.h etc. But the recently installed Solaris 10 has none of the include files, even though the operating system comes with IP Filter. My FreeBSD box has no includes, but the version is that of v3 so perhaps that would be too old to function as is.

Current weaknesses are:

* the send/expect challenges work great as long as you do not receive superfluous input. We would need to come up with a good way to "read input until <match>" as well perhaps. (Imagine FTP logins where lines can be 200- for an unknown count of lines).

* Could do with stricter configuration file sanity checking.

* ./configure ?

One should stick an apache configuration front-end with this and sell L4 blackboxes.

Latest tarball: http://www.lundman.net/ftp/l4ip/l4ip-v1.0.b226.tgz
CVS: ":pserver:[EMAIL PROTECTED]:/home/cvsroot" co l4ip  (pass anoncvs)

Lund

--
Jorgen Lundman       | <[EMAIL PROTECTED]>
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo    | +81 (0)90-5578-8500          (cell)
Japan                | +81 (0)3 -3375-1767          (home)
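
The "read input until <match>" weakness listed in the message above, sketched as an added example (this is not l4ip code; the struct, function names and sample banner are hypothetical and constructed here). It skips FTP "NNN-" continuation lines and other superfluous lines, stops at the "NNN " line, and enforces a byte budget so an endless banner cannot stall a health check.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical incremental matcher; names are illustrative, not l4ip's. */
struct expect_until {
    char code[4];   /* 3-digit reply code to wait for, e.g. "220" */
    char head[4];   /* first four bytes of the current line */
    size_t len;     /* bytes seen on the current line */
    size_t budget;  /* bytes still accepted before the check fails */
    int done;       /* 1 once the terminating line has arrived */
};

/* Feed one chunk as recv() would return it; lines may split across chunks.
 * Returns 1 once a "<code><SP>..." line is complete, 0 if more input is
 * needed, -1 if the byte budget ran out first. */
int expect_feed(struct expect_until *e, const char *buf, size_t n)
{
    for (size_t i = 0; i < n && !e->done; i++) {
        if (e->budget == 0)
            return -1;
        e->budget--;
        if (buf[i] == '\n') {
            if (e->len >= 4 && !memcmp(e->head, e->code, 3) && e->head[3] == ' ')
                e->done = 1;
            e->len = 0;
        } else {
            if (e->len < 4)
                e->head[e->len] = buf[i];
            e->len++;
        }
    }
    return e->done;
}

/* Constructed sample: a multi-line FTP banner split into uneven chunks. */
static const char *const sample[] = {
    "220-Welcome to ftp.example.org\r\n220-Loc",
    "al time is 12:00\r\n22",
    "0 Service ready\r\n",
};

/* Returns the 1-based chunk that completed the match, 0 if none, -1 on budget. */
int chunks_until_match(const char *code, size_t budget)
{
    struct expect_until e = { .budget = budget };
    memcpy(e.code, code, 3);            /* code must be exactly 3 digits */
    for (int i = 0; i < 3; i++) {
        int r = expect_feed(&e, sample[i], strlen(sample[i]));
        if (r != 0)
            return r < 0 ? -1 : i + 1;
    }
    return 0;
}
int main(void) { printf("matched after chunk %d\n", chunks_until_match("220", 4096)); return 0; }
```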
