Dear netfilter hackers,

I'm studying options for Hot Upgrade for servers that require high availability.

Is it possible using netfilter to

a- redirect TCP traffic from port 10000 (visible to the public) to port 10010 (invisible to the public)

b- change the rule so that that traffic to port 10000 is now redirected to port 10020 (also invisible to the public) *except* for packets associated with existing connections, that will remain redirected to port 10010.

I can imagine that others have needed this feature and that it already exists. Or I can imagine that nobody bothered about the connections that were lost. I can also imagine heavyweight ways to do everything in user-space, with the old server passing the TCP socket fd to the new server over an AF_UNIX socket.

So -- has it been done before? If not, how hard would it be to add a packet filter that would do that -- and that could be updated dynamically to switch again to another port, etc.?

--#f
"I object to doing things that computers can do." — Olin Shivers
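Steps a and b above map onto how the iptables nat table works: its rules are consulted only for the first packet of a connection, and later packets reuse the mapping held in conntrack. The following is an added example, not part of the original post; the chain name `HOTUPGRADE` and the sample conntrack lines are constructed, and the script only prints the commands unless `IPT=iptables` is set.

```shell
#!/bin/sh
# Added example (not from the original post). Dry run by default: commands
# are printed. Set IPT=iptables (as root) to apply them.
IPT=${IPT:-echo iptables}
CHAIN=HOTUPGRADE        # hypothetical chain name
PUBLIC=10000            # public port from the post

# One-time setup: send the public port through a dedicated nat chain that
# holds exactly one REDIRECT rule.
setup_redirect() {      # $1 = backend port, e.g. 10010
    $IPT -t nat -N "$CHAIN"
    $IPT -t nat -A "$CHAIN" -p tcp -j REDIRECT --to-ports "$1"
    $IPT -t nat -A PREROUTING -p tcp --dport "$PUBLIC" -j "$CHAIN"
}

# Hot upgrade: replace rule 1 in place. Only new connections see the new
# rule; established flows keep the mapping stored in conntrack and so keep
# reaching the old backend port.
switch_backend() {      # $1 = new backend port, e.g. 10020
    $IPT -t nat -R "$CHAIN" 1 -p tcp -j REDIRECT --to-ports "$1"
}

# Count tracked TCP flows still mapped to the old backend. Reads
# `conntrack -L -p tcp` style lines on stdin; the second sport= field is the
# reply tuple's source port, i.e. the port the flow was redirected to.
count_draining() {      # $1 = old backend port
    awk -v old="$1" '
        $1 == "tcp" {
            n = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /^sport=/ && ++n == 2 && $i == ("sport=" old)) c++
        }
        END { print c + 0 }'
}

# Constructed sample conntrack output (documentation addresses).
SAMPLE='tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=203.0.113.10 sport=51514 dport=10000 src=203.0.113.10 dst=198.51.100.7 sport=10010 dport=51514 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=198.51.100.9 dst=203.0.113.10 sport=40022 dport=10000 src=203.0.113.10 dst=198.51.100.9 sport=10020 dport=40022 [ASSURED] mark=0 use=1
tcp      6 299 ESTABLISHED src=198.51.100.9 dst=203.0.113.10 sport=10010 dport=22 src=203.0.113.10 dst=198.51.100.9 sport=22 dport=10010 [ASSURED] mark=0 use=1'

setup_redirect 10010
switch_backend 10020
printf '%s\n' "$SAMPLE" | count_draining 10010   # flows the old server still owns
```

The old server on port 10010 can be stopped once `count_draining 10010` reaches zero. PREROUTING only covers traffic arriving from other hosts.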