[MINOR] add transparent proxy support for balabit's Tproxy v4

Balabit's TPROXY version 4 which replaces CTTPROXY provides a similar
API to the previous proxy, but relies on IP_FREEBIND instead of
IP_TRANSPARENT. Let's add it.
Willy Tarreau 2008-01-13 17:37:16 +01:00
parent 5b6995c31b
commit 0a45989de3
3 changed files with 8 additions and 3 deletions


@ -66,8 +66,11 @@
#include <linux/netfilter_ipv4.h> #include <linux/netfilter_ipv4.h>
#endif #endif
/* On Linux, IP_TRANSPARENT generally requires a kernel patch */ /* On Linux, IP_TRANSPARENT and/or IP_FREEBIND generally require a kernel patch */
#if defined(CONFIG_HAP_LINUX_TPROXY) #if defined(CONFIG_HAP_LINUX_TPROXY)
#if !defined(IP_FREEBIND)
#define IP_FREEBIND 15
#endif /* !IP_FREEBIND */
#if !defined(IP_TRANSPARENT) #if !defined(IP_TRANSPARENT)
#define IP_TRANSPARENT 19 #define IP_TRANSPARENT 19
#endif /* !IP_TRANSPARENT */ #endif /* !IP_TRANSPARENT */
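Review bot: The reworded comment above the guards says IP_FREEBIND "generally requires a kernel patch", but mainline Linux headers already define that option with the same value 15, so the new `#if !defined(IP_FREEBIND)` fallback will normally be inert. Going by the commit description, only the transparent-proxy behaviour of the option depends on the TPROXY v4 patch, not the constant itself. I would word the comment as `/* IP_TRANSPARENT needs a patched kernel; IP_FREEBIND exists in mainline but only gives transparent binding with TPROXY v4 */` so nobody reads the presence of the constant as a feature test.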


@ -1136,7 +1136,8 @@ static int bind_ipv4(int fd, int flags, struct sockaddr_in *local, struct sockad
#ifdef CONFIG_HAP_LINUX_TPROXY #ifdef CONFIG_HAP_LINUX_TPROXY
static int ip_transp_working = 1; static int ip_transp_working = 1;
if (flags && ip_transp_working) { if (flags && ip_transp_working) {
if (setsockopt(fd, SOL_IP, IP_TRANSPARENT, (char *) &one, sizeof(one)) == 0) if (setsockopt(fd, SOL_IP, IP_TRANSPARENT, (char *) &one, sizeof(one)) == 0
|| setsockopt(fd, SOL_IP, IP_FREEBIND, (char *) &one, sizeof(one)) == 0)
foreign_ok = 1; foreign_ok = 1;
else else
ip_transp_working = 0; ip_transp_working = 0;
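Review bot: In bind_ipv4 a successful `IP_FREEBIND` call is taken as proof that transparent binding works, yet unpatched kernels also accept that option and, as far as I know, require no privilege for it. `foreign_ok` can therefore be set on a host where traffic for the foreign source address is never delivered back, and `ip_transp_working` is never cleared, so any fallback after this block (the function continues outside the hunk) may be skipped. The same applies to the tcp_bind_listener section, where the "cannot make listening socket transparent" alert now fires only when both calls fail and so probably never appears on a stock kernel. At minimum add a comment at the `||` such as `/* IP_FREEBIND also succeeds without TPROXY v4: success here does not prove transparency */`. It would also help to record which option was accepted so the condition can be reported at startup rather than found through failed connections.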


@ -156,7 +156,8 @@ int tcp_bind_listener(struct listener *listener, char *errmsg, int errlen)
#endif #endif
#ifdef CONFIG_HAP_LINUX_TPROXY #ifdef CONFIG_HAP_LINUX_TPROXY
if ((listener->options & LI_O_FOREIGN) if ((listener->options & LI_O_FOREIGN)
&& (setsockopt(fd, SOL_IP, IP_TRANSPARENT, (char *) &one, sizeof(one)) == -1)) { && (setsockopt(fd, SOL_IP, IP_TRANSPARENT, (char *) &one, sizeof(one)) == -1)
&& (setsockopt(fd, SOL_IP, IP_FREEBIND, (char *) &one, sizeof(one)) == -1)) {
msg = "cannot make listening socket transparent"; msg = "cannot make listening socket transparent";
err |= ERR_ALERT; err |= ERR_ALERT;
} }