From owner-freebsd-pf@FreeBSD.ORG  Tue Jan 29 18:26:42 2008
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3D45E16A46D
	for <freebsd-pf@freebsd.org>; Tue, 29 Jan 2008 18:26:42 +0000 (UTC)
	(envelope-from nullpt@gmail.com)
Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.238])
	by mx1.freebsd.org (Postfix) with ESMTP id F09E513C458
	for <freebsd-pf@freebsd.org>; Tue, 29 Jan 2008 18:26:41 +0000 (UTC)
	(envelope-from nullpt@gmail.com)
Received: by wx-out-0506.google.com with SMTP id i29so1680177wxd.7
	for <freebsd-pf@freebsd.org>; Tue, 29 Jan 2008 10:26:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
	bh=JkVylATQup3Uip5Ruu14atiYSALzJ+IBFFVQS7Ta21I=;
	b=I21+23rZF/rBvyNFh8yETCnB9PTiPIOV/xNVGMgPhpZaNaBnkO/yVDTMhvQccosJBsPDXm8Q4AydJ95NX89mLqBMRAytby9L3uJimn8QvvDWgZs48z68y0RIsGLIdHwITeQ4PLz0T03RceM/FyghRxWWPyROwNBDbA9rZ3XqtI8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
	b=nLijOb7kf90hRvv60wSUcYRxfS6voFKAq24bqGKVUlNIfMYCVXZI8QK9CV/TH0J3TUsDmJrtQyF4aGukINE6jF9aDrhG6Vo2ruV4/HdSq7kXQBFCJCzPIReLtyCzgOpM8Td2m0Urb75agZLLZXMKSGf2pSsDWJbid96YBmE/EQ0=
Received: by 10.141.28.12 with SMTP id f12mr4633799rvj.1.1201631194290;
	Tue, 29 Jan 2008 10:26:34 -0800 (PST)
Received: by 10.141.132.15 with HTTP; Tue, 29 Jan 2008 10:26:34 -0800 (PST)
Message-ID: <755cb9fc0801291026oc273ae1o7122cfd580f9413e@mail.gmail.com>
Date: Tue, 29 Jan 2008 18:26:34 +0000
From: "Alexandre Vieira" <nullpt@gmail.com>
To: freebsd-pf@freebsd.org, freebsd-questions@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Cc: 
Subject: Relayd l3 redirect send/expect check
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jan 2008 18:26:42 -0000

Hi all,

There used to be a check send "string" expect "string" in the old
config method in hoststated. I've checked the relayd.conf man page and
apparently the only way to do this now is with an external script.
I've tried to add the " forward to <table> check send "" expect
"banner string" " and the relayd validates the config file but always
sets my table hosts down :\ Also a simple " forward to <table> check
tcp " won't work.

While snooping the interface to the pool servers I can see that relayd
tries to contact all pool servers in the defined interval and in the
correct port but doesn't actually open a connection, just send a SYN,
the servers answer and then it RST them. The hosts are shown as "down"
in relayctl.

18:11:10.387565 IP 172.16.135.142.52679 > 172.16.135.148.rtsp: S
675781109:675781109(0) win 16384 <mss 1460,nop,wscale
6,sackOK,timestamp 430386759 0>
18:11:10.387591 IP 172.16.135.142.49363 > 172.16.135.133.rtsp: S
1229756465:1229756465(0) win 16384 <mss 1460,nop,wscale
6,sackOK,timestamp 430386759 0>
18:11:10.387850 IP 172.16.135.148.rtsp > 172.16.135.142.52679: S
216269779:216269779(0) ack 675781110 win 24616 <nop,nop,timestamp
737427944 430386759,nop,wscale 0,nop,nop,sackOK,mss 1460>
18:11:10.387870 IP 172.16.135.142.52679 > 172.16.135.148.rtsp: R
675781110:675781110(0) win 0
18:11:10.387873 IP 172.16.135.133.rtsp > 172.16.135.142.49363: S
2827025081:2827025081(0) ack 1229756466 win 49232 <nop,nop,timestamp
434360123 430386759,mss 1460,nop,wscale 0,nop,nop,sackOK>
18:11:10.387882 IP 172.16.135.142.49363 > 172.16.135.133.rtsp: R
1229756466:1229756466(0) win 0


The only way I have to get it working is a simple check icmp, which is
sucky :\ When the pool hosts are up the rdrs work great.


relayd.conf:

public_ip="10.16.3.177"
rtsp1="172.16.135.148"
rtsp2="172.16.135.133"

interval 5      # check hosts every 5 seconds

table <rtsphosts> { $rtsp1 $rtsp2 }

redirect rtsp {
        listen on $public_ip port 554 interface bge0
        tag RELAYD
        sticky-address
        forward to <rtsphosts> check tcp
}

pf.conf:

scrub all fragment reassemble
rdr-anchor "relayd/*"
pass all keep state


FreeBSD  7.0-RC1 FreeBSD 7.0-RC1 #1: Fri Jan 18 13:36:30 WET 2008
root@:/usr/obj/usr/src/sys/me  amd64

kernel diff:

device pf
device pflog
device pfsync
device carp

options         ALTQ
options         ALTQ_CBQ        # Class Bases Queuing (CBQ)
options         ALTQ_RED        # Random Early Detection (RED)
options         ALTQ_RIO        # RED In/Out
options         ALTQ_HFSC       # Hierarchical Packet Scheduler (HFSC)
options         ALTQ_PRIQ       # Priority Queuing (PRIQ)
options         ALTQ_NOPCC      # Required for SMP build


The objective is to use relayd/pf as a simple l3 roundrobin load
balancer with service health check.

Any advice is most welcome.

Regards,