
Re: Socket activation

On Wed, Sep 4, 2013 at 11:14 AM, Clayton Coleman <ccoleman redhat com> wrote:
> Can we run socat behind iptables in a massively multiplexed fashion?  I think the hard part here is the handoff - we want to be able to go from idle to active without interrupting a connection.  Can we change iptables midflight to start routing incoming packets to the backend if we had a tcp proxy handling idle connections?

That's not the method I was suggesting. I was talking about using
systemd (or, similarly, xinetd) to listen on the socket at a system
level, start the container, pass the socket in pre-initialized, and
have the daemon take it over. The problem is that not all daemons
support this, so I was mentioning that socat could be a shim that
accepts the socket and forwards to and from a traditional TCP port or
a Unix domain socket.

This does not require dropping or ignoring any packets, nor does it
involve real-time iptables reconfiguration.

David Strauss
   | david davidstrauss net
   | +1 512 577 5827 [mobile]
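
The handoff described in the message above, as an added example that is not part of the original email: a shim adopts the listening socket that systemd passes in through the `LISTEN_PID`/`LISTEN_FDS` variables and relays each connection to a traditional TCP daemon, the role suggested for socat. The function names, the `first_fd` parameter (present so the check can be exercised outside systemd) and the backend address `127.0.0.1:8080` are assumptions.

```python
import os
import socket
import stat
import threading

SD_LISTEN_FDS_START = 3  # systemd hands over inherited sockets starting at fd 3


def adopt_activated_sockets(environ=os.environ, first_fd=SD_LISTEN_FDS_START):
    """Return the listening sockets systemd passed in, or [] if not activated."""
    # LISTEN_PID stops a child from acting on variables meant for its parent.
    if environ.get("LISTEN_PID") != str(os.getpid()):
        return []
    socks = []
    for fd in range(first_fd, first_fd + int(environ.get("LISTEN_FDS", "0"))):
        if not stat.S_ISSOCK(os.fstat(fd).st_mode):
            raise RuntimeError(f"fd {fd} is not a socket")
        os.set_inheritable(fd, False)  # keep the listener out of child processes
        sock = socket.socket(fileno=fd)  # family and type are detected from the fd
        if not sock.getsockopt(socket.SOL_SOCKET, socket.SO_ACCEPTCONN):
            raise RuntimeError(f"fd {fd} is not a listening socket")
        socks.append(sock)
    return socks


def _pump(src, dst):
    """Copy bytes one way until EOF, then half-close the destination."""
    while data := src.recv(65536):
        dst.sendall(data)
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer already gone


def relay_one(listener, backend_addr):
    """Accept one client on the adopted listener and proxy it to the backend."""
    client, _ = listener.accept()
    with client, socket.create_connection(backend_addr) as backend:
        back = threading.Thread(target=_pump, args=(backend, client))
        back.start()
        _pump(client, backend)
        back.join()


if __name__ == "__main__":
    listeners = adopt_activated_sockets()
    while listeners:  # assumed backend: a traditional daemon on 127.0.0.1:8080
        relay_one(listeners[0], ("127.0.0.1", 8080))
```

Because the kernel queues connections on the already-listening socket while the service starts, the first client is served rather than refused.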
