On Friday, Jun 20, 2003, at 10:07 US/Pacific, Stefan Sonnenberg-Carstens wrote:
> I think you would not have to blow up the pf code itself too much.
> Simply put, take a look at the packet in ip_input.c.
> Look whether it is destined for one of your real servers.
> Calculate the next real server to give the packet to, based
> on some info (connections, load, etc.).
> Create a (temporary) pf-nat rule.

Actually, if you're going to dig in there, you might as well do it
within pf itself. That way you get a few things "for free", including
pf's classification code. Simple round-robin is already there;
extending it to WRR looks fairly straightforward. A couple other useful
mechanisms are present, source-hash and random, but they currently only
apply to single CIDR blocks. You could extend them to handle lists,
like RR. Least-connection would probably be similar to WRR.
There are people maintaining ports of pf for the other BSDs, so it
needn't be a total waste of effort as far as portability goes...
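
The selection policies named in the reply above, as an added example that is not part of the original message and is not pf code: the `struct backend` layout and the `pick_*` function names are hypothetical, and the smooth variant of weighted round-robin is one possible choice, assumed here. It shows WRR, least-connection and source-hash all walking the same list of real servers.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical pool entry for one real server; not pf's own structures. */
struct backend {
    int weight;   /* static weight, must be > 0 */
    int current;  /* running score used by weighted round-robin */
    int conns;    /* active connections, used by least-connection */
};

/* Smooth weighted round-robin: raise every score by its weight, take the
 * highest, then lower the winner by the total weight of the list. */
struct backend *pick_wrr(struct backend *p, size_t n)
{
    struct backend *best = NULL;
    int total = 0;
    for (size_t i = 0; i < n; i++) {
        p[i].current += p[i].weight;
        total += p[i].weight;
        if (best == NULL || p[i].current > best->current)
            best = &p[i];
    }
    if (best != NULL)
        best->current -= total;
    return best;
}

/* Least-connection: the same walk, comparing conns/weight instead of a
 * score. Cross-multiplying avoids the division. */
struct backend *pick_leastconn(struct backend *p, size_t n)
{
    struct backend *best = NULL;
    for (size_t i = 0; i < n; i++) {
        if (best == NULL ||
            (long)p[i].conns * best->weight < (long)best->conns * p[i].weight)
            best = &p[i];
    }
    if (best != NULL)
        best->conns++;   /* caller must decrement when the connection ends */
    return best;
}

/* Source-hash over a list: one client address always maps to one entry. */
struct backend *pick_srchash(struct backend *p, size_t n, uint32_t src)
{
    if (n == 0) return NULL;
    uint32_t h = src * 2654435761u;   /* multiplicative hash, illustrative */
    return &p[h % n];
}
```

Note that the plain modulo in `pick_srchash` remaps most clients whenever the list length changes, which matters if real servers are added or removed while connections are being balanced.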