In order to pass through to the back-end user ip server, proxy machine needs to solve two problems:
1. When you create a socket to the back-end server, the user as the source ip ip sockets, so that the back-end server to see;
2. In the server back to the rear end of the package, can be a destination for a user's back ip package, the machine returns to the proxy, and the packet proxy machine can close off the NIC driver (link layer), and delivered to the correct application haproxy process layer
In order to solve these two problems, haproxy process and where the machine needs to do three things:
1.haproxy process is created to a back-end server tcp socket, opening IP_TRANSPARENT options, and bind user ip is the source ip;
2. The back-end server to modify routing rules, will be destined for the back of the user ip packet routing to the proxy machine;
3.proxy processing machine back pack, ip layer by TProxy by combining netfilter / iptables, the packet back to do little things, the return packet skb-> sk = sk (sk is created corresponding to the process set haproxy Sockets), so that the tcp layer can according to skb-> sk, the return package submitted for processing to haroxy process, and ultimately returned to the client.
---------------------
Author: frockee
Source: CSDN
Original: https: //blog.csdn.net/frockee/article/details/78641188
Disclaimer: This article as a blogger original article, reproduced, please attach Bowen link!