TransProxyType replaces TransTPROXY option
I'm making this change now since ipfw will want its own option too, and proliferating options here isn't sensible. (See #10582 and #10267)
This commit is contained in:
parent
00ec6e6af0
commit
5991f9a156
@ -1,7 +1,7 @@
|
||||
o Minor features:
|
||||
|
||||
- Add support for the TPROXY transparent proxying facility on Linux.
|
||||
See documentation for the new TransTRPOXY option for more details.
|
||||
See documentation for the new TransProxyType option for more details.
|
||||
Implementation by "thomo". Closes ticket 10582.
|
||||
|
||||
|
||||
|
@ -1183,18 +1183,22 @@ The following options are useful only for clients (that is, if
|
||||
compatibility, TransListenAddress is only allowed when TransPort is just
|
||||
a port number.)
|
||||
|
||||
[[TransTPROXY]] **TransTPROXY** **0**|**1**::
|
||||
TransTPROXY may only be enabled when there is transparent proxy listener
|
||||
enabled and only for Linux.
|
||||
[[TransProxyType]] **TransProxyTYpe** **default**|**TPROXY**::
|
||||
TransProxyType may only be enabled when there is transparent proxy listener
|
||||
enabled.
|
||||
+
|
||||
Set this 1 if you wish to be able to use the TPROXY linux module to
|
||||
Set this to TPROXY if you wish to be able to use the TPROXY Linux module to
|
||||
transparently proxy connections that are configured using the TransPort
|
||||
option. This setting lets the listener on the TransPort accept connections
|
||||
for all addresses, even when the TransListenAddress is configured for an
|
||||
internal address. Detailed information on how to configure the TPROXY
|
||||
feature can be found in the Linux kernel source tree in the file
|
||||
feature can be found in the Linux kernel source tree in the file
|
||||
Documentation/networking/tproxy.txt.
|
||||
(Default: 0)
|
||||
+
|
||||
Set this to "default", or leave it unconfigured, to use regular IPTables
|
||||
on Linux, or to use pf on the *BSD operating systems.
|
||||
+
|
||||
(Default: "default".)
|
||||
|
||||
[[NATDPort]] **NATDPort** \['address':]__port__|**auto** [_isolation flags_]::
|
||||
Open this port to listen for connections from old versions of ipfw (as
|
||||
|
@ -408,7 +408,7 @@ static config_var_t option_vars_[] = {
|
||||
OBSOLETE("TrafficShaping"),
|
||||
V(TransListenAddress, LINELIST, NULL),
|
||||
VPORT(TransPort, LINELIST, NULL),
|
||||
V(TransTPROXY, BOOL, "0"),
|
||||
V(TransProxyType, STRING, "default"),
|
||||
V(TunnelDirConns, BOOL, "1"),
|
||||
V(UpdateBridgesFromAuthority, BOOL, "0"),
|
||||
V(UseBridges, BOOL, "0"),
|
||||
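Review bot: The removed `V(TransTPROXY, BOOL, "0")` entry has no matching `OBSOLETE("TransTPROXY")` line, so a torrc that still sets `TransTPROXY 1` will presumably be refused as an unknown option rather than warned about, and the operator gets no pointer to the replacement `TransProxyType TPROXY`. The table already retires options this way two lines up (`OBSOLETE("TrafficShaping")`), so the convention is at hand. Add `OBSOLETE("TransTPROXY"),` beside the new `V(TransProxyType, STRING, "default"),` line. The option_vars_ array starts and ends outside the hunk.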
@ -2517,19 +2517,30 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
||||
"undefined, and there aren't any hidden services configured. "
|
||||
"Tor will still run, but probably won't do anything.");
|
||||
|
||||
options->TransProxyType_parsed = TPT_DEFAULT;
|
||||
#ifdef USE_TRANSPARENT
|
||||
if (options->TransTPROXY) {
|
||||
if (options->TransProxyType) {
|
||||
if (!strcasecmp(options->TransProxyType, "default")) {
|
||||
options->TransProxyType_parsed = TPT_DEFAULT;
|
||||
} else if (!strcasecmp(options->TransProxyType, "tproxy")) {
|
||||
#ifndef __linux__
|
||||
REJECT("TransTPROXY is a Linux-specific feature.")
|
||||
REJECT("TPROXY is a Linux-specific feature.");
|
||||
#else
|
||||
options->TransProxyType_parsed = TPT_TPROXY;
|
||||
#endif
|
||||
if (!options->TransPort_set) {
|
||||
REJECT("Cannot use TransTPROXY without any valid TransPort or "
|
||||
} else {
|
||||
REJECT("Unrecognized value for TransProxyType");
|
||||
}
|
||||
|
||||
if (strcasecmp(options->TransProxyType, "default") &&
|
||||
!options->TransPort_set) {
|
||||
REJECT("Cannot use TransProxyType without any valid TransPort or "
|
||||
"TransListenAddress.");
|
||||
}
|
||||
}
|
||||
#else
|
||||
if (options->TransPort_set || options->TransTPROXY)
|
||||
REJECT("TransPort, TransListenAddress, and TransTPROXY are disabled "
|
||||
if (options->TransPort_set)
|
||||
REJECT("TransPort and TransListenAddress are disabled "
|
||||
"in this build.");
|
||||
#endif
|
||||
|
||||
|
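Review bot: In the `#else` branch (builds without USE_TRANSPARENT) the new `if (options->TransPort_set)` check drops the rejection the old code raised for a configured TPROXY, so a torrc that sets `TransProxyType TPROXY` in such a build is now accepted silently and `TransProxyType_parsed` stays `TPT_DEFAULT`, leaving an operator who expects TPROXY with no transparent proxying and no diagnostic. The first branch already rejects an unusable value, so the two branches should agree. Widen the condition to `if (options->TransPort_set || (options->TransProxyType && strcasecmp(options->TransProxyType, "default")))` and extend the message, e.g. `REJECT("TransPort, TransListenAddress, and TransProxyType are disabled in this build.");`. options_validate continues on both sides of the hunk.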
@ -1036,7 +1036,8 @@ connection_listener_new(const struct sockaddr *listensockaddr,
|
||||
make_socket_reuseable(s);
|
||||
|
||||
#if defined USE_TRANSPARENT && defined(IP_TRANSPARENT)
|
||||
if (options->TransTPROXY && type == CONN_TYPE_AP_TRANS_LISTENER) {
|
||||
if (options->TransProxyType_parsed == TPT_TPROXY &&
|
||||
type == CONN_TYPE_AP_TRANS_LISTENER) {
|
||||
int one = 1;
|
||||
if (setsockopt(s, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0) {
|
||||
const char *extra = "";
|
||||
|
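Review bot: The new `TransProxyType_parsed == TPT_TPROXY` test sits under `#if defined USE_TRANSPARENT && defined(IP_TRANSPARENT)`, while options_validate accepts TPROXY on any Linux build, so on a Linux build whose headers lack IP_TRANSPARENT the listener is opened without the socket option and quietly behaves as a plain TransPort. The validation check and this guard should use the same condition: either reject TPROXY in options_validate when IP_TRANSPARENT is undefined, or add an `#else` branch to this `#if` that warns when `options->TransProxyType_parsed == TPT_TPROXY`, e.g. `log_warn(LD_NET, "TransProxyType TPROXY is configured but IP_TRANSPARENT is unavailable in this build.");` (assuming that log macro is the one used elsewhere in this file — not visible in the hunk). connection_listener_new continues outside the hunk.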
@ -3498,8 +3498,10 @@ typedef struct {
|
||||
config_line_t *SocksPort_lines;
|
||||
/** Ports to listen on for transparent pf/netfilter connections. */
|
||||
config_line_t *TransPort_lines;
|
||||
int TransTPROXY; /** < Boolean: are we going to listen for all destinations
|
||||
* on the TransPort_lines are required for TPROXY? */
|
||||
const char *TransProxyType; /**< What kind of transparent proxy
|
||||
* implementation are we using? */
|
||||
/** Parsed value of TransProxyType. */
|
||||
enum { TPT_DEFAULT, TPT_TPROXY } TransProxyType_parsed;
|
||||
config_line_t *NATDPort_lines; /**< Ports to listen on for transparent natd
|
||||
* connections. */
|
||||
config_line_t *ControlPort_lines; /**< Ports to listen on for control
|
||||
|
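Review bot: `enum { TPT_DEFAULT, TPT_TPROXY } TransProxyType_parsed;` declares an anonymous enum type inside the struct, so no other declaration (a helper that takes or returns the parsed value, a prototype in a header) can name the type, and the ipfw variant the commit message anticipates would have to be added inside or_options_t itself. Declaring it once as a named typedef before the struct, `typedef enum { TPT_DEFAULT, TPT_TPROXY } transproxy_type_t;`, and using `transproxy_type_t TransProxyType_parsed;` for the field keeps the same enumerators and values. The `const` on `const char *TransProxyType` is also worth checking against the other STRING-typed fields in this struct, since the config parser presumably owns and frees that string. The struct is cut off at both ends of the hunk.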