> Me and some friends have created a small irc network in which we are >implementing ssl encryption between client and server. Our original ircd did >not have this feature and now our new ircds do. The problem is in upgrading, >the whole ircd must be killed and a new one started, which causes all clients >to drop. My question is, is it possible to almost "hijack" a process, and >switch the binary without losing the pid & tcp/ip connections? Is this a >crazy and impossible idea, or has it been done? been there, done that. you *definitely* need application support for it. my (unix) solution was thus: * mark all file descriptors for non-close-on-exec * set up a signal handler for sighup (any signal will do) * upon receipt of signal, set a flag and return (exit signal handler) * server's main loop notes flag is set and... * opens a udp socket on the loopback interface * sets the send/recv buffers to really really large * sends server state as one large datagram to itself * execs new server with socket fd as an argument (preserving pid) * new server reads and restores server state from udp socket the new server now picks up where the old server left off, with dns cache info, unresolved dns queries still pending, open connections and listening sockets, etc. it's tricky, but it works once you get it right. the ssl thing might make it difficult, though. -- |-----< "CODE WARRIOR" >-----| codewarriorat_private * "ah! i see you have the internet twofsonetat_private (Andrew Brown) that goes *ping*!" andrewat_private * "information is power -- share the wealth." ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Sep 25 2001 - 18:27:46 PDT