Hacker News new | ask | show | jobs
by eatonphil 1948 days ago
Dumb question: this is basically the same thing as the HTTP_PROXY env variable on Linux but at the TCP level instead of HTTP?
2 comments
lian0 1948 days ago
Yes and no. There are several differences, the biggest one in my opinion is that cproxy proxies all TCP and UDP connections without requiring the underlying program supporting any proxy, while if you want to use HTTP_PROXY on a program, the program has to explicitly support HTTP_PROXY in its source code. Overall they are all methods to proxy some traffic though.
link
eatonphil 1948 days ago
Another question: do you have any numbers on the performance hit using cproxy? (I have no intuition for how cgroups performs here.)
link
lian0 1948 days ago
I didn't do any benchmark, but the performance hit should be minimal since all the heavy work are done by kernel cgroup and iptables. They are very efficient in most cases.
link
eatonphil 1948 days ago
Makes sense, thanks!
link
inshadows 1948 days ago
HTTP_PROXY is not transparent. The application has to opt-in.
link