TransProxyType replaces TransTPROXY option

I'm making this change now since ipfw will want its own option too,
and proliferating options here isn't sensible.

(See #10582 and #10267)

changes/10582_tproxy

@@ -1,7 +1,7 @@
   o Minor features:
 
     - Add support for the TPROXY transparent proxying facility on Linux.
-      See documentation for the new TransTRPOXY option for more details.
+      See documentation for the new TransProxyType option for more details.
       Implementation by "thomo". Closes ticket 10582.
 
 

doc/tor.1.txt

@@ -1183,18 +1183,22 @@ The following options are useful only for clients (that is, if
     compatibility, TransListenAddress is only allowed when TransPort is just
     a port number.)
 
-[[TransTPROXY]] **TransTPROXY** **0**|**1**::
-    TransTPROXY may only be enabled when there is transparent proxy listener
-    enabled and only for Linux.
+[[TransProxyType]] **TransProxyTYpe** **default**|**TPROXY**::
+    TransProxyType may only be enabled when there is transparent proxy listener
+    enabled.
  +
-    Set this 1 if you wish to be able to use the TPROXY linux module to
+    Set this to TPROXY if you wish to be able to use the TPROXY Linux module to
     transparently proxy connections that are configured using the TransPort
     option. This setting lets the listener on the TransPort accept connections
     for all addresses, even when the TransListenAddress is configured for an
     internal address. Detailed information on how to configure the TPROXY
-    feature can be found in the Linux kernel source tree in the file  
+    feature can be found in the Linux kernel source tree in the file
     Documentation/networking/tproxy.txt.
-    (Default: 0)
+ +
+    Set this to "default", or leave it unconfigured, to use regular IPTables
+    on Linux, or to use pf on the *BSD operating systems.
+ +
+    (Default: "default".)
 
 [[NATDPort]] **NATDPort** \['address':]__port__|**auto** [_isolation flags_]::
     Open this port to listen for connections from old versions of ipfw (as

src/or/config.c

@@ -408,7 +408,7 @@ static config_var_t option_vars_[] = {
   OBSOLETE("TrafficShaping"),
   V(TransListenAddress,          LINELIST, NULL),
   VPORT(TransPort,                   LINELIST, NULL),
-  V(TransTPROXY,                 BOOL,     "0"),
+  V(TransProxyType,              STRING,   "default"),
   V(TunnelDirConns,              BOOL,     "1"),
   V(UpdateBridgesFromAuthority,  BOOL,     "0"),
   V(UseBridges,                  BOOL,     "0"),
@@ -2517,19 +2517,30 @@ options_validate(or_options_t *old_options, or_options_t *options,
         "undefined, and there aren't any hidden services configured.  "
         "Tor will still run, but probably won't do anything.");
 
+  options->TransProxyType_parsed = TPT_DEFAULT;
 #ifdef USE_TRANSPARENT
-  if (options->TransTPROXY) {
+  if (options->TransProxyType) {
+    if (!strcasecmp(options->TransProxyType, "default")) {
+      options->TransProxyType_parsed = TPT_DEFAULT;
+    } else if (!strcasecmp(options->TransProxyType, "tproxy")) {
 #ifndef __linux__
-    REJECT("TransTPROXY is a Linux-specific feature.")
+      REJECT("TPROXY is a Linux-specific feature.");
+#else
+      options->TransProxyType_parsed = TPT_TPROXY;
 #endif
-    if (!options->TransPort_set) {
-      REJECT("Cannot use TransTPROXY without any valid TransPort or "
+    } else {
+      REJECT("Unrecognized value for TransProxyType");
+    }
+
+    if (strcasecmp(options->TransProxyType, "default") &&
+        !options->TransPort_set) {
+      REJECT("Cannot use TransProxyType without any valid TransPort or "
              "TransListenAddress.");
     }
   }
 #else
-  if (options->TransPort_set || options->TransTPROXY)
-    REJECT("TransPort, TransListenAddress, and TransTPROXY are disabled "
+  if (options->TransPort_set)
+    REJECT("TransPort and TransListenAddress are disabled "
            "in this build.");
 #endif
 

src/or/connection.c

@@ -1036,7 +1036,8 @@ connection_listener_new(const struct sockaddr *listensockaddr,
     make_socket_reuseable(s);
 
 #if defined USE_TRANSPARENT && defined(IP_TRANSPARENT)
-    if (options->TransTPROXY && type == CONN_TYPE_AP_TRANS_LISTENER) {
+    if (options->TransProxyType_parsed == TPT_TPROXY &&
+        type == CONN_TYPE_AP_TRANS_LISTENER) {
       int one = 1;
       if (setsockopt(s, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0) {
         const char *extra = "";

src/or/or.h

@@ -3498,8 +3498,10 @@ typedef struct {
   config_line_t *SocksPort_lines;
   /** Ports to listen on for transparent pf/netfilter connections. */
   config_line_t *TransPort_lines;
-  int TransTPROXY; /** < Boolean: are we going to listen for all destinations
-                    * on the TransPort_lines are required for TPROXY? */
+  const char *TransProxyType; /**< What kind of transparent proxy
+                               * implementation are we using? */
+  /** Parsed value of TransProxyType. */
+  enum { TPT_DEFAULT, TPT_TPROXY } TransProxyType_parsed;
   config_line_t *NATDPort_lines; /**< Ports to listen on for transparent natd
                             * connections. */
   config_line_t *ControlPort_lines; /**< Ports to listen on for control