On Tuesday 11 October 2005 07:37 am, Steve [Gentoo] wrote:
> I'm also vaguely hopeful that there may
> be a more efficient lower-level solution which wouldn't require the
> overhead of a process to 'pass-on' the tcp data... maybe integrated with
> ipchains or pf or similar?

If you choose to roll your own solution, that would be difficult. You've
already accepted the connection, so the firewall is now configured to allow
the packets back and forth only when related to your connection.

Without 'exec()'ing a child process to retain the open file handle, you'll be
forced to proxy the packets on your own.

And since you don't want to exec an instance of apache (hm, perhaps an
instance of a lightweight web proxy instead, hmm) it will be less general
overhead to proxy packets on your own.

Technically the proxy development is not difficult, but for newbies it can be
frustrating working out the nuances of processing asynchronous data arriving
on one pipe let alone two.
--
gentoo-user@g.o mailing list
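A sketch of the hand-rolled proxying this reply describes, added here as an example and not part of the original thread: one `select()` loop relays between two already-connected sockets, handling partial writes and passing each side's EOF on as a half-close. The function name `relay` and its parameters are assumptions made for illustration.

```python
import select
import socket

def relay(client, backend, bufsize=4096):
    """Copy bytes both ways until each side has sent EOF; return bytes read from each."""
    peer = {client: backend, backend: client}
    pending = {client: b"", backend: b""}  # data waiting to be written TO that socket
    reading = {client, backend}            # sides that have not sent EOF yet
    eof_due = set()                        # sides owed a half-close once flushed
    copied = {client: 0, backend: 0}
    for s in peer:
        s.setblocking(False)
    while reading or any(pending.values()):
        # Backpressure: do not read a side while its peer still has unsent data.
        rlist = [s for s in reading if not pending[peer[s]]]
        wlist = [s for s in peer if pending[s]]
        readable, writable, _ = select.select(rlist, wlist, [])
        for s in readable:
            try:
                data = s.recv(bufsize)
            except BlockingIOError:
                continue                   # spurious wakeup, try again later
            except ConnectionError:
                data = b""                 # treat a reset like EOF
            if data:
                pending[peer[s]] += data
                copied[s] += len(data)
            else:
                reading.discard(s)
                eof_due.add(peer[s])
        for s in writable:
            try:
                sent = s.send(pending[s])  # may be a partial write
                pending[s] = pending[s][sent:]
            except BlockingIOError:
                pass
            except ConnectionError:
                pending[s] = b""           # receiver is gone: drop and stop its source
                reading.discard(peer[s])
        for s in [s for s in eof_due if not pending[s]]:
            eof_due.discard(s)
            try:
                s.shutdown(socket.SHUT_WR) # pass the EOF on, keep the read side open
            except OSError:
                pass
    return copied[client], copied[backend]
```

The caller still owns both sockets and closes them after `relay` returns.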