We've written an article on how the hijacking API 
works: http://blog.phusion.nl/2013/01/23/the-new-rack-socket-hijacking-api/