| 1 |
On Tuesday 11 October 2005 07:37 am, Steve [Gentoo] wrote: |
| 2 |
> I'm also vaguely hopeful that there may |
| 3 |
> be a more efficient lower-level solution which wouldn't require the |
| 4 |
> overhead of a process to 'pass-on' the tcp data... maybe integrated with |
| 5 |
> ipchains or pf or similar? |
| 6 |
|
| 7 |
If you choose to roll your own solution, that would be difficult. Youve |
| 8 |
already accepted the connection, so the firewall is now configured to allow |
| 9 |
the packets back and forth only when related to your connection. |
| 10 |
|
| 11 |
Without 'exec()'ing a child process to retain the open file handle, you'll be |
| 12 |
forced to proxy the packets on your own. |
| 13 |
|
| 14 |
And since you don't want to exec an instance of apache (hm, perhaps an |
| 15 |
instance of a lightweight web proxy instead, hmm) it will be less general |
| 16 |
overhead to proxy packets on your own. |
| 17 |
|
| 18 |
Technically the proxy development is not difficult, but for newbies it can be |
| 19 |
frustrating working out the nuances of processing asynchronous data arriving |
| 20 |
on one pipe let alone two. |
| 21 |
-- |
| 22 |
gentoo-user@g.o mailing list |
Archives