As you can imagine, this is a pretty rare requirement, so it's not
currently built into WvHttpPool for the same reason that it's not
built into, say, Firefox.
I don't see any reason to reject a patch that would add this feature
(since the patch would likely be rather simple and non-intrusive) but
of course you'd then have to wait for your favourite distros to pick
up the new WvStreams.
> The way I see it, the best way to do this is to add an additional
> constructor to both WvTCPConn and WvHTTPPool that allows for the setting of
> the source IP. Does anyone have any better ways?
If you want to send a patch to do this, I won't object. For
WvTCPConn, a new constructor makes sense. In the case of WvHttpPool,
I'd rather have a member function to set the new value, since
WvHttpPool doesn't initiate any connections until after the
constructor anyway.
> (And no, we can't fiddle with the routing table on the host pathfinder is
> installed from, nor do we want to do any of the several other tricks that
> would trick the firewall that we need to cross into thinking that we're from
> a different IP.)
Fiddling with the routing table would still be the best way :)
But speaking of things that aren't as good as fiddling with the
routing table, you could do what we did with DoubleVision way back in
the Weaver. Just make an LD_PRELOAD library that captures connect()
and does a bind() on the socket, then forwards to the normal
connect(). If the socket is already bound, the new bind() will fail,
so it's harmless. You could get the address to bind() to from an
environment variable.
The nice thing about this technique is it *does* work with Firefox or
any other program, so you only have to write it once :) The less-nice
thing is that overriding libc functions, while possible on nearly
every OS, is slightly different on each one.
(Double Vision existed before the Linux kernel had support for binding
source addresses via the routing table / iptables, so it was the
*only* simple way to do it at the time.)
Have fun,
Avery
I take that back... I member variable with no function would be even better :)
Avery
On Wed, Mar 31, 2010 at 12:24 PM, Patrick Patterson <ppat...@gmail.com> wrote:As you can imagine, this is a pretty rare requirement, so it's not
> Since there are no specific "route this IP to this set of addresses" entries
> in the routing table, any request originating from this server will have the
> source address of 192.168.6.1. What we need is some way of saying for a
> given daemon instantiation "bind to this IP Address, so that each request
> appears to originate from that IP Address". This appears to be possible with
> calling bind() prior to connect().
currently built into WvHttpPool for the same reason that it's not
built into, say, Firefox.
I don't see any reason to reject a patch that would add this feature
(since the patch would likely be rather simple and non-intrusive) but
of course you'd then have to wait for your favourite distros to pick
up the new WvStreams.
> The way I see it, the best way to do this is to add an additionalIf you want to send a patch to do this, I won't object. For
> constructor to both WvTCPConn and WvHTTPPool that allows for the setting of
> the source IP. Does anyone have any better ways?
WvTCPConn, a new constructor makes sense. In the case of WvHttpPool,
I'd rather have a member function to set the new value, since
WvHttpPool doesn't initiate any connections until after the
constructor anyway.
> (And no, we can't fiddle with the routing table on the host pathfinder isFiddling with the routing table would still be the best way :)
> installed from, nor do we want to do any of the several other tricks that
> would trick the firewall that we need to cross into thinking that we're from
> a different IP.)
But speaking of things that aren't as good as fiddling with the
routing table, you could do what we did with DoubleVision way back in
the Weaver. Just make an LD_PRELOAD library that captures connect()
and does a bind() on the socket, then forwards to the normal
connect(). If the socket is already bound, the new bind() will fail,
so it's harmless. You could get the address to bind() to from an
environment variable.
The nice thing about this technique is it *does* work with Firefox or
any other program, so you only have to write it once :) The less-nice
thing is that overriding libc functions, while possible on nearly
every OS, is slightly different on each one.
Hmm, now that I think of it, if it's an app you're compiling for
yourself (which it is) you don't have to use LD_PRELOAD at all. Just
provide your own copy of connect() and link it into the app :)
Anyway, if you prefer to patch WvStreams, that works too.
Have fun,
Avery