On 2017-06-07, Marko Cupać <marko.cu...@mimar.rs> wrote: > Now as for relayd, I never used it. If someone gave me working example > and an explanation why it is better than my current solution, I'd be > glad to switch, and pass the word around :)
When your proxy is nc run from inetd, you have to fork when answering each connection, and the timeout handling using -w is a complete bodge. relayd uses a pool of pre-forked processes (quicker connection setup), and once the connection is setup "socket splicing" is used so shunting packets between connections is more efficient (zero copy). But unless you need relayd features (adjusting tcp parameters, checking that backends are up, etc) it's lighter-weight again to just keep it in the kernel by using PF as I described.