* [MPTCP] force existing service to use MPTCP
@ 2020-11-27 18:43 Paolo Abeni
0 siblings, 0 replies; only message in thread
From: Paolo Abeni @ 2020-11-27 18:43 UTC (permalink / raw)
To: mptcp
[-- Attachment #1: Type: text/plain, Size: 1190 bytes --]
hello,
reviving this old topic.
I've experimented a bit with the LD_PRELOAD thing.
Looks like at least nginx and apache can be forced to use MPTCP instead
of TCP with a crafted unit file created automatically from the distro-
provided one.
e.g. for nginx, adding:
Conflicts=nginx.service
After=nginx.service
into the [unit] section, and:
Environment="LD_PRELOAD=/usr/lib64/use_mptcp.so"
ExecStartPre=sysctl -w net.mptcp.enabled=1
into the [Service] section.
Then I had to fight a bit with selinux. I did not really investigate
the issue, I think/fear selinux misunderstood mptcp sockets as raw
ones, so default policy fails. A bunch of:
ausearch -c 'nginx' --raw | audit2allow -M my-nginx
semodule -i my-nginx.pp
solved the problem.
Bottom line:
- the above looks tecnically viable [at least for some services]. I'm
looking for a more extended service/daemon list to investigate
fourther. I think we could/should really consider package the above in
mptcpd or the like.
- selinux (surprise, surprise!) can be a problem. Worth looking at it
(that is independent from the system we will pick to force MPTCP socket
usage)
Cheers,
Paolo
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-11-27 18:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-27 18:43 [MPTCP] force existing service to use MPTCP Paolo Abeni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.