haproxy/include/types
KOVACS Krisztian b3e54fe387 MAJOR: namespace: add Linux network namespace support
This patch makes it possible to create binds and servers in separate
namespaces.  This can be used to proxy between multiple completely independent
virtual networks (with possibly overlapping IP addresses) and a
non-namespace-aware proxy implementation that supports the proxy protocol (v2).

The setup is something like this:

net1 on VLAN 1 (namespace 1) -\
net2 on VLAN 2 (namespace 2) -- haproxy ==== proxy (namespace 0)
net3 on VLAN 3 (namespace 3) -/

The proxy is configured to make server connections through haproxy and to send
the expected source/target addresses to haproxy using the proxy protocol.

The network namespace setup on the haproxy node is something like this:

= 8< =
$ cat setup.sh
ip netns add 1
ip link add link eth1 name eth1.1 type vlan id 1
ip link set eth1.1 netns 1
ip netns exec 1 ip addr add 192.168.91.2/24 dev eth1.1
ip netns exec 1 ip link set eth1.1 up
...
= 8< =

= 8< =
$ cat haproxy.cfg
frontend clients
  bind 127.0.0.1:50022 namespace 1 transparent
  default_backend server

backend server
  mode tcp
  server server1 192.168.122.4:2222 namespace 2 send-proxy-v2
= 8< =

A bind line creates the listener in the specified namespace, and connections
originating from that listener also have their network namespace set to
that of the listener.

A server line either forces the connection to be made in a specified
namespace or may use the namespace from the client-side connection if that
was set.

For more documentation please read the documentation included in the patch
itself.

Signed-off-by: KOVACS Tamas <ktamas@balabit.com>
Signed-off-by: Sarkozi Laszlo <laszlo.sarkozi@balabit.com>
Signed-off-by: KOVACS Krisztian <hidden@balabit.com>
2014-11-21 07:51:57 +01:00
acl.h BUG/MEDIUM: patterns: last fix was still not enough 2014-04-28 14:19:17 +02:00
arg.h MINOR: tcp: prepare support for the "capture" action 2014-06-13 16:32:48 +02:00
auth.h MAJOR: auth: Change the internal authentication system. 2014-03-17 18:06:06 +01:00
backend.h MEDIUM: backend: add support for the wt6 hash 2013-11-14 16:37:50 +01:00
capture.h MINOR: capture: extend the captures to support non-header keys 2014-06-13 16:32:48 +02:00
channel.h BUG/CRITICAL: http: don't update msg->sov once data start to leave the buffer 2014-09-02 16:48:54 +02:00
checks.h BUG/MEDIUM: checks: fix conflicts between agent checks and ssl healthchecks 2014-11-16 00:53:12 +01:00
compression.h MEDIUM: compression: use pool for comp_ctx 2012-11-21 01:56:47 +01:00
connection.h MAJOR: namespace: add Linux network namespace support 2014-11-21 07:51:57 +01:00
counters.h MEDIUM: session: maintain per-backend and per-server time statistics 2014-06-17 17:15:56 +02:00
fd.h BUG/MEDIUM: polling: fix possible CPU hogging of worker processes after receiving SIGUSR1. 2014-05-20 14:57:36 +02:00
freq_ctr.h [MINOR] freq_ctr: add new types and functions for periods different from 1s 2010-08-10 14:01:09 +02:00
global.h MINOR: ssl: add statement to force some ssl options in global. 2014-10-30 17:06:29 +01:00
hdr_idx.h [BUG] files were missing for hdr_idx in previous commit 2006-12-04 02:20:02 +01:00
lb_chash.h [MEDIUM] build: switch ebtree users to use new ebtree version 2009-10-26 21:10:04 +01:00
lb_fas.h MEDIUM: backend: add the 'first' balancing algorithm 2012-02-21 22:27:27 +01:00
lb_fwlc.h [MEDIUM] build: switch ebtree users to use new ebtree version 2009-10-26 21:10:04 +01:00
lb_fwrr.h [MEDIUM] build: switch ebtree users to use new ebtree version 2009-10-26 21:10:04 +01:00
lb_map.h [CLEANUP] proxy: move last lb-specific bits to their respective files 2009-10-03 18:41:18 +02:00
listener.h MAJOR: namespace: add Linux network namespace support 2014-11-21 07:51:57 +01:00
log.h MINOR: log: add a new field "%lc" to implement a per-frontend log counter 2014-08-28 15:08:14 +02:00
map.h MAJOR: pattern/map: Extends the map edition system in the patterns 2014-03-17 18:06:07 +01:00
obj_type.h DIET/MINOR: obj: pack the obj_type enum to 8 bits 2013-12-09 16:06:08 +01:00
pattern.h BUG/MEDIUM: patterns: last fix was still not enough 2014-04-28 14:19:17 +02:00
peers.h CLEANUP: Remove unused 'last_slowstart_change' field from struct peer 2013-11-19 08:04:59 +01:00
pipe.h [MEDIUM] introduce pipe pools 2009-01-25 13:49:53 +01:00
port_range.h [MEDIUM] add support for binding to source port ranges during connect 2009-06-10 12:23:32 +02:00
proto_http.h MEDIUM: http: add the track-sc* actions to http-request rules 2014-07-16 17:26:40 +02:00
proto_tcp.h MINOR: tcp: prepare support for the "capture" action 2014-06-13 16:32:48 +02:00
protocol.h MEDIUM: listener: implement a per-protocol pause() function 2014-07-08 01:13:34 +02:00
proxy.h MINOR: log: add a new field "%lc" to implement a per-frontend log counter 2014-08-28 15:08:14 +02:00
queue.h [MAJOR] ported pendconn to mempools v2 2007-05-13 20:19:55 +02:00
sample.h MINOR: configuration: File and line propagation 2014-03-17 18:06:08 +01:00
server.h MAJOR: namespace: add Linux network namespace support 2014-11-21 07:51:57 +01:00
session.h CLEANUP: session: move the stick counters declarations to stick_table.h 2014-07-16 17:26:40 +02:00
signal.h [MEDIUM] signals: add support for registering functions and tasks 2010-08-27 18:00:40 +02:00
ssl_sock.h MEDIUM: ssl: improve crt-list format to support negation 2013-05-07 22:11:54 +02:00
stick_table.h CLEANUP: session: move the stick counters declarations to stick_table.h 2014-07-16 17:26:40 +02:00
stream_interface.h MEDIUM: dumpstats: Display error message during add of values. 2014-03-17 18:06:08 +01:00
task.h DIET/MINOR: task: reduce struct task size by 8 bytes 2013-12-09 16:06:22 +01:00
template.h [CLEANUP] included common/version.h everywhere 2006-06-29 18:54:54 +02:00