Hi Squid I am running my development tools and VMs in a dedicated network namespace on my laptop (through Linux "netns"), so they are fully isolated from the rest of my network. I would like to set-up a proxy so that if there is a need to connect to the outside, I could set-up some fine grained ACL to open some very specific HTTP traffic. For this to work with Squid, there must be a socket opened within the namespace, while Squid is still running on the default namespace. This can be achieved without modifying the code by using socat for example, where a socat running within the namespace sends traffic to a Unix socket, and another socat outside the namespace, reads from the Unix socket, and sends the traffic to Squid... it's quite some plumbing effort, and Squid won't be able to know from which VM the traffic originates (the X-Forwarded-For is localhost) Seeing that HAProxy implemented something (https://github.com/haproxy/haproxy/commit/b3e54fe387c7c1ea750f39d3029672d640c499f9) so that the process moves into the namespace just for the time of the socket creation, I came up with a similar change for Squid (https://github.com/freedge/squid/commit/a778666d8f4760448e29e4a0cc75dcd305b40d02). As this is a Linux only change, and also the community lived without it so far, I am sending this mail to see if there is any interest in this feature, if there was ever any request for it in the past? Cheers! _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
