[MINOR] add transparent proxy support for balabit's Tproxy v4

Balabit's TPROXY version 4 which replaces CTTPROXY provides a similar API to the previous proxy, but relies on IP_FREEBIND instead of IP_TRANSPARENT. Let's add it.
2024-12-28 15:42:30 +00:00 · 2008-01-13 17:37:16 +01:00 · 2008-01-13 17:37:16 +01:00 · 0a45989de3
commit 0a45989de3
parent 5b6995c31b
3 changed files with 8 additions and 3 deletions
--- a/include/common/compat.h
+++ b/include/common/compat.h
@ -66,8 +66,11 @@
 #include <linux/netfilter_ipv4.h>
 #endif

-/* On Linux, IP_TRANSPARENT generally requires a kernel patch */
+/* On Linux, IP_TRANSPARENT and/or IP_FREEBIND generally require a kernel patch */
 #if defined(CONFIG_HAP_LINUX_TPROXY)
+#if !defined(IP_FREEBIND)
+#define IP_FREEBIND 15
+#endif /* !IP_FREEBIND */
 #if !defined(IP_TRANSPARENT)
 #define IP_TRANSPARENT 19
 #endif /* !IP_TRANSPARENT */
--- a/src/backend.c
+++ b/src/backend.c
@ -1136,7 +1136,8 @@ static int bind_ipv4(int fd, int flags, struct sockaddr_in *local, struct sockad
 #ifdef CONFIG_HAP_LINUX_TPROXY
 	static int ip_transp_working = 1;
 	if (flags && ip_transp_working) {
-		if (setsockopt(fd, SOL_IP, IP_TRANSPARENT, (char *) &one, sizeof(one)) == 0)
+		if (setsockopt(fd, SOL_IP, IP_TRANSPARENT, (char *) &one, sizeof(one)) == 0
+		    || setsockopt(fd, SOL_IP, IP_FREEBIND, (char *) &one, sizeof(one)) == 0)
 			foreign_ok = 1;
 		else
 			ip_transp_working = 0;
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@ -156,7 +156,8 @@ int tcp_bind_listener(struct listener *listener, char *errmsg, int errlen)
 #endif
 #ifdef CONFIG_HAP_LINUX_TPROXY
 	if ((listener->options & LI_O_FOREIGN) 
-	    && (setsockopt(fd, SOL_IP, IP_TRANSPARENT, (char *) &one, sizeof(one)) == -1)) {
+	    && (setsockopt(fd, SOL_IP, IP_TRANSPARENT, (char *) &one, sizeof(one)) == -1)
+	    && (setsockopt(fd, SOL_IP, IP_FREEBIND, (char *) &one, sizeof(one)) == -1)) {
 		msg = "cannot make listening socket transparent";
 		err |= ERR_ALERT;
 	}