upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-03 20:39:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
haproxy/include/common
History
KOVACS Krisztian b3e54fe387 MAJOR: namespace: add Linux network namespace support 
This patch makes it possible to create binds and servers in separate
namespaces.  This can be used to proxy between multiple completely independent
virtual networks (with possibly overlapping IP addresses) and a
non-namespace-aware proxy implementation that supports the proxy protocol (v2).

The setup is something like this:

net1 on VLAN 1 (namespace 1) -\
net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0)
net3 on VLAN 3 (namespace 3) -/

The proxy is configured to make server connections through haproxy and sending
the expected source/target addresses to haproxy using the proxy protocol.

The network namespace setup on the haproxy node is something like this:

= 8< =
$ cat setup.sh
ip netns add 1
ip link add link eth1 type vlan id 1
ip link set eth1.1 netns 1
ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1
ip netns exec 1 ip link set eth1.$id up
...
= 8< =

= 8< =
$ cat haproxy.cfg
frontend clients
  bind 127.0.0.1:50022 namespace 1 transparent
  default_backend scb

backend server
  mode tcp
  server server1 192.168.122.4:2222 namespace 2 send-proxy-v2
= 8< =

A bind line creates the listener in the specified namespace, and connections
originating from that listener also have their network namespace set to
that of the listener.

A server line either forces the connection to be made in a specified
namespace or may use the namespace from the client-side connection if that
was set.

For more documentation please read the documentation included in the patch
itself.

Signed-off-by: KOVACS Tamas <ktamas@balabit.com>
Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com>
Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-21 07:51:57 +01:00
..
accept4.h BUILD: syscalls: remove improper inline statement in front of syscalls 2014-05-08 22:38:02 +02:00
appsession.h [MINOR] Make appsess{,ion}_refresh static 2011-06-25 21:07:01 +02:00
base64.h [MINOR] add encode/decode function for 30-bit integers from/to base64 2010-10-30 19:04:33 +02:00
buffer.h CLEANUP: buffers: remove unused function buffer_contig_space_with_res() 2014-04-24 17:19:22 +02:00
cfgparse.h MEDIUM: config: report it when tcp-request rules are misplaced 2014-09-16 15:43:24 +02:00
chunk.h MINOR: chunks: centralize the trash chunk allocation 2012-12-23 21:46:07 +01:00
compat.h BUILD: fix dependencies between config and compat.h 2014-07-15 19:09:36 +02:00
compiler.h CLEANUP: ebtree: clarify licence and update to 6.0.6 2011-12-02 17:09:49 +01:00
config.h BUILD: fix dependencies between config and compat.h 2014-07-15 19:09:36 +02:00
debug.h [MINOR] term_trace: add better instrumentations to trace the code 2008-08-16 14:55:08 +02:00
defaults.h MEDIUM: stick-table: make it easier to register extra data types 2014-07-15 19:14:52 +02:00
epoll.h MAJOR: polling: replace epoll with sepoll and remove sepoll 2012-11-11 20:53:30 +01:00
errors.h [MINOR] errors: provide new status codes for config parsing functions 2010-08-10 14:01:15 +02:00
hash.h BUG/MEDIUM: backend: Update hash to use unsigned int throughout 2014-07-08 22:00:21 +02:00
memory.h MINOR: cli: add the new "show pools" command 2014-01-28 16:50:35 +01:00
mini-clist.h BUG/MEDIUM: prevent gcc from moving empty keywords lists into BSS 2013-06-21 23:29:02 +02:00
namespace.h MAJOR: namespace: add Linux network namespace support 2014-11-21 07:51:57 +01:00
rbtree.h [MINOR] imported the rbtree function from Linux kernel 2007-01-07 02:12:57 +01:00
regex.h MEDIUM: regex: Use pcre_study always when PCRE is used, regardless of JIT 2014-11-18 13:26:18 +01:00
sessionhash.h [MAJOR] remove files distributed under an obscure license 2007-09-09 21:56:53 +02:00
splice.h BUILD: syscalls: remove improper inline statement in front of syscalls 2014-05-08 22:38:02 +02:00
standard.h MINOR: sample: add "json" converter 2014-10-26 06:41:12 +01:00
syscall.h BUILD: syscalls: remove improper inline statement in front of syscalls 2014-05-08 22:38:02 +02:00
template.h [CLEANUP] included common/version.h everywhere 2006-06-29 18:54:54 +02:00
ticks.h [MEDIUM] scheduler: get rid of the 4 trees thanks and use ebtree v4.1 2009-03-21 10:25:14 +01:00
time.h BUILD: time: adapt the type of TV_ETERNITY to the local system 2013-12-13 09:22:23 +01:00
tools.h [MINOR] tools: add two macros MID_RANGE and MAX_RANGE 2011-03-28 15:55:43 +02:00
uri_auth.h [REORG] http: move the http-request rules to proto_http 2011-03-13 22:00:24 +01:00
version.h DOC: stop referencing the slow git repository in the README 2014-05-10 11:04:39 +02:00