On Tuesday 11 October 2005 07:37 am, Steve [Gentoo] wrote:
> I'm also vaguely hopeful that there may
> be a more efficient lower-level solution which wouldn't require the
> overhead of a process to 'pass-on' the tcp data... maybe integrated with
> ipchains or pf or similar?

If you choose to roll your own solution, that would be difficult. You've already accepted the connection, so the firewall is now configured to allow the packets back and forth only when related to your connection. Without 'exec()'ing a child process to retain the open file handle, you'll be forced to proxy the packets on your own. And since you don't want to exec an instance of apache (hm, perhaps an instance of a lightweight web proxy instead, hmm) it will be less general overhead to proxy packets on your own. Technically the proxy development is not difficult, but for newbies it can be frustrating working out the nuances of processing asynchronous data arriving on one pipe let alone two.

--
gentoo-user@gentoo.org mailing list
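
The two-pipe relay discussed in the message above, as an added example that is not part of the original post or the thread's code. It assumes a select()-based userspace relay between two already-connected sockets; the names relay and half_close are hypothetical.

```python
import select
import socket

def half_close(sock):
    """Signal EOF to the other end while keeping our read side open."""
    try:
        sock.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # already reset or closed by the other end

def relay(a, b, bufsize=65536):
    """Copy bytes both ways between connected sockets a and b.

    Returns (bytes received from a, bytes received from b).
    """
    peer = {a: b, b: a}
    pending = {a: bytearray(), b: bytearray()}  # bytes queued for writing to key
    reading = {a, b}                            # read side not yet at EOF
    total = {a: 0, b: 0}
    a.setblocking(False)
    b.setblocking(False)
    while reading or pending[a] or pending[b]:
        # Backpressure: stop reading a source while its destination is backed up,
        # so a slow receiver cannot make the relay buffer without bound.
        rlist = [s for s in reading if not pending[peer[s]]]
        wlist = [s for s in (a, b) if pending[s]]
        readable, writable, _ = select.select(rlist, wlist, [])
        for s in readable:
            try:
                data = s.recv(bufsize)
            except BlockingIOError:
                continue                  # spurious wakeup
            except ConnectionError:
                data = b""                # treat a reset like EOF
            if data:
                total[s] += len(data)
                pending[peer[s]] += data
            else:
                reading.discard(s)
                half_close(peer[s])       # queue for peer[s] is empty here
        for s in writable:
            try:
                sent = s.send(pending[s])  # may accept only part of the queue
            except BlockingIOError:
                continue
            except ConnectionError:
                pending[s].clear()         # destination is gone
                reading.discard(peer[s])
                continue
            del pending[s][:sent]
    return total[a], total[b]
```

Each direction ends separately: EOF on one socket is passed on as a half-close, so a reply still in flight the other way is delivered before the relay returns.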