mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-31 17:12:05 +00:00
[MINOR] add transparent proxy support for balabit's Tproxy v4
Balabit's TPROXY version 4 which replaces CTTPROXY provides a similar API to the previous proxy, but relies on IP_FREEBIND instead of IP_TRANSPARENT. Let's add it.
This commit is contained in:
parent
5b6995c31b
commit
0a45989de3
@ -66,8 +66,11 @@
|
|||||||
#include <linux/netfilter_ipv4.h>
|
#include <linux/netfilter_ipv4.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* On Linux, IP_TRANSPARENT generally requires a kernel patch */
|
/* On Linux, IP_TRANSPARENT and/or IP_FREEBIND generally require a kernel patch */
|
||||||
#if defined(CONFIG_HAP_LINUX_TPROXY)
|
#if defined(CONFIG_HAP_LINUX_TPROXY)
|
||||||
|
#if !defined(IP_FREEBIND)
|
||||||
|
#define IP_FREEBIND 15
|
||||||
|
#endif /* !IP_FREEBIND */
|
||||||
#if !defined(IP_TRANSPARENT)
|
#if !defined(IP_TRANSPARENT)
|
||||||
#define IP_TRANSPARENT 19
|
#define IP_TRANSPARENT 19
|
||||||
#endif /* !IP_TRANSPARENT */
|
#endif /* !IP_TRANSPARENT */
|
||||||
|
@ -1136,7 +1136,8 @@ static int bind_ipv4(int fd, int flags, struct sockaddr_in *local, struct sockad
|
|||||||
#ifdef CONFIG_HAP_LINUX_TPROXY
|
#ifdef CONFIG_HAP_LINUX_TPROXY
|
||||||
static int ip_transp_working = 1;
|
static int ip_transp_working = 1;
|
||||||
if (flags && ip_transp_working) {
|
if (flags && ip_transp_working) {
|
||||||
if (setsockopt(fd, SOL_IP, IP_TRANSPARENT, (char *) &one, sizeof(one)) == 0)
|
if (setsockopt(fd, SOL_IP, IP_TRANSPARENT, (char *) &one, sizeof(one)) == 0
|
||||||
|
|| setsockopt(fd, SOL_IP, IP_FREEBIND, (char *) &one, sizeof(one)) == 0)
|
||||||
foreign_ok = 1;
|
foreign_ok = 1;
|
||||||
else
|
else
|
||||||
ip_transp_working = 0;
|
ip_transp_working = 0;
|
||||||
|
@ -156,7 +156,8 @@ int tcp_bind_listener(struct listener *listener, char *errmsg, int errlen)
|
|||||||
#endif
|
#endif
|
||||||
#ifdef CONFIG_HAP_LINUX_TPROXY
|
#ifdef CONFIG_HAP_LINUX_TPROXY
|
||||||
if ((listener->options & LI_O_FOREIGN)
|
if ((listener->options & LI_O_FOREIGN)
|
||||||
&& (setsockopt(fd, SOL_IP, IP_TRANSPARENT, (char *) &one, sizeof(one)) == -1)) {
|
&& (setsockopt(fd, SOL_IP, IP_TRANSPARENT, (char *) &one, sizeof(one)) == -1)
|
||||||
|
&& (setsockopt(fd, SOL_IP, IP_FREEBIND, (char *) &one, sizeof(one)) == -1)) {
|
||||||
msg = "cannot make listening socket transparent";
|
msg = "cannot make listening socket transparent";
|
||||||
err |= ERR_ALERT;
|
err |= ERR_ALERT;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user