Subject: Re: [patch] source-address selection
To: None <tech-net@netbsd.org>
From: Pavel Cahyna <pavel@netbsd.org>
List: tech-net
Date: 09/05/2006 10:26:33

On Sat, Sep 02, 2006 at 04:22:44PM -0500, David Young wrote:
> For review, here are my latest patches adding a mechanism
> for enforcing an IPv4 source-address selection policy,
> <ftp://cuw.ojctech.com/cuw/netbsd-e3b075d7/pristine-selsrc-patch>.
> Below, I document the impact of the patches a bit.  I will turn this
> text into a manual page.
> 
> The patches let an operator set the policy by which the kernel chooses a
> source address for any socket bound to the "wildcard" address, INADDR_ANY.
> Note that the policy is applied *after* the kernel makes its forwarding
> decision, thereby choosing the output interface; in other words, this
> mechanism does not affect whether or not NetBSD is a "strong ES".

My impression is that it introduces a quite complicated interface to
achieve only limited results. Namely, you apparently can't request a
source address from a different interface. Using an alias on the loopback
interface as a source address is quite common, I think.

Pavel