|
> If I want to analyse the content of requests before I
> redirect it to real
> server,and perhaps
> I choose a real server by search from database.Do it in kernel is very
> difficult even impossible!But if I do it under user layer and create a
> socket to connect to the real server,
> I have to read from one socket and write to another,it's to
> expensive.I
> want the sockets can
> be joined in the kernel,so I need not copy them.Would you give me some
> advices and referrence?
> Than you very much!
maybe you can use iptables to DNAT/redirect the request into a specific
IP/port/vip instead of using a database. iptables can do content filtering
& is in the kernel. If you want to see an example of this, on
securityfocus.com check the "focus linux" section.
P
|
