Move IP_TRANSPARENT setting into comm_openex(...)
authorAmos Jeffries <squid3@treenet.co.nz>
Mon, 7 Apr 2008 10:30:11 +0000 (22:30 +1200)
committerAmos Jeffries <squid3@treenet.co.nz>
Mon, 7 Apr 2008 10:30:11 +0000 (22:30 +1200)
Author: Laszlo Attilla Toth <panther@balabit.hu>

Adds flag COMM_TRANSPARENT which must be passed to comm_openex() for
transparent ports.

src/client_side.cc
src/comm.cc
src/defines.h
src/forward.cc

index e61c745c6828aa10a25b06fe61d064eba3951a9d..0c247a29183fe46bcabd1619f6dac48d73873bfe 100644 (file)
@@ -2735,7 +2735,7 @@ connStateCreate(const IPAddress &peer, const IPAddress &me, int fd, http_port_li
         IPAddress dst;
 
         if (clientNatLookup(fd, me, peer, dst) == 0) {
-            result-> me = dst; /* XXX This should be moved to another field */
+            result->me = dst; /* XXX This should be moved to another field */
             result->transparent(true);
         }
     }
@@ -3113,22 +3113,22 @@ clientHttpConnectionsOpen(void)
 #endif
 
         enter_suid();
-        fd = comm_open(SOCK_STREAM,
-                       IPPROTO_TCP,
-                       s->s,
-                       COMM_NONBLOCKING, "HTTP Socket");
+
+#if LINUX_TPROXY4
+        if(s->tproxy) {
+            fd = comm_openex(SOCK_STREAM, IPPROTO_TCP, s->s, (COMM_NONBLOCKING|COMM_TRANSPARENT), 0, "HTTP Socket");
+        }
+        else
+#endif
+        {
+            fd = comm_open(SOCK_STREAM, IPPROTO_TCP, s->s, COMM_NONBLOCKING, "HTTP Socket");
+        }
+
         leave_suid();
 
         if (fd < 0)
             continue;
 
-#if LINUX_TPROXY4
-        /* because the transparent/non-transparent port info is only known here.
-         * we have to set the IP_TRANSPARENT option here. */
-        if(s->tproxy)
-            comm_set_transparent(fd);
-#endif
-
         comm_listen(fd);
 
         comm_accept(fd, httpAccept, s);
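Review bot: The two branches added between `enter_suid()` and `leave_suid()` differ only in one flag bit, and the `#if` / `else` / `#endif` / `{` layout makes the bracing hard to follow when LINUX_TPROXY4 is off. Building the flags first keeps a single call site: `int flags = COMM_NONBLOCKING;`, then under `#if LINUX_TPROXY4` the line `if (s->tproxy) flags |= COMM_TRANSPARENT;`, then `fd = comm_openex(SOCK_STREAM, IPPROTO_TCP, s->s, flags, 0, "HTTP Socket");`. This assumes comm_open() is equivalent to comm_openex() with a zero TOS, which the hunk does not show. The same duplication appears in the FwdState::connectStart() hunk in src/forward.cc. The removed comment explained why the option depends on the port configuration, and a one-line comment at the new call would keep that rationale.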
index 5f4ca13d057836992ec5ebd1a84393af972fb109..a3c4a274f8031f28e7b2140f93d2ccfa4e0d7e52 100644 (file)
@@ -670,7 +670,6 @@ comm_openex(int sock_type,
     addr.GetAddrInfo(AI);
     AI->ai_socktype = sock_type;
     AI->ai_protocol = proto;
-    AI->ai_flags = flags;
 
     debugs(50, 3, "comm_openex: Attempt open socket for: " << addr );
 
@@ -771,6 +770,13 @@ comm_openex(int sock_type,
             PROF_stop(comm_open);
         }
 
+#if LINUX_TPROXY4
+    if((flags & COMM_TRANSPARENT)) {
+        comm_set_transparent(new_socket);
+        F->flags.transparent = 1;
+    }
+#endif
+
 #ifdef TCP_NODELAY
     if (sock_type == SOCK_STREAM)
         commSetTcpNoDelay(new_socket);
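Review bot: `F->flags.transparent = 1;` is set whether or not `comm_set_transparent(new_socket)` succeeded, so a socket on which the option could not be applied (for example through insufficient privilege) is still recorded as transparent. comm_set_transparent() is not visible here; if it can report failure, check that result and fail the open, or at least log it, before setting the flag. The preceding context looks like the tail of an error-handling block. If that block is the bind step, the option is applied after the address is bound, which is too late for a non-local source address. The ordering should be confirmed against the part of comm_openex() outside this hunk.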
index dac189e1c1bc31a07ec0e2c6e138d4b00409e56e..f5dcaf88635ac55ba91e60ba2dbaeb00b37a4bbd 100644 (file)
@@ -65,6 +65,7 @@
 #define COMM_NONBLOCKING       0x01
 #define COMM_NOCLOEXEC         0x02
 #define COMM_REUSEADDR         0x04
+#define COMM_TRANSPARENT       0x08
 
 #include "Debug.h"
 #define do_debug(SECTION, LEVEL) ((Debug::level = (LEVEL)) > Debug::Levels[SECTION])
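Review bot: `COMM_TRANSPARENT` is defined unconditionally, but the src/comm.cc hunk only acts on it when built with LINUX_TPROXY4, so on other builds a caller passing it gets an ordinary socket with no diagnostic. A comment on the define would make that explicit, e.g. `/* request IP_TRANSPARENT on the socket; ignored unless built with LINUX_TPROXY4 */`.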
index 1b773e40554b1de71e95a8a93201ecf9ade157e5..139188a7ad8c804600e3271cabc262924af6348f 100644 (file)
@@ -845,12 +845,15 @@ FwdState::connectStart()
 
     debugs(17, 3, "fwdConnectStart: got outgoing addr " << outgoing << ", tos " << tos);
 
-    fd = comm_openex(SOCK_STREAM,
-                     IPPROTO_TCP,
-                     outgoing,
-                     COMM_NONBLOCKING,
-                     tos,
-                     url);
+#if LINUX_TPROXY4
+    if (request->flags.tproxy) {
+        fd = comm_openex(SOCK_STREAM, IPPROTO_TCP, outgoing, (COMM_NONBLOCKING|COMM_TRANSPARENT), tos, url);
+    }
+    else
+#endif
+    {
+        fd = comm_openex(SOCK_STREAM, IPPROTO_TCP, outgoing, COMM_NONBLOCKING, tos, url);
+    }
 
     debugs(17, 3, "fwdConnectStart: got TCP FD " << fd);
 
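Review bot: No privilege elevation is visible around the transparent `comm_openex()` call here, unlike the `enter_suid()`/`leave_suid()` pair that wraps the listening-socket open in src/client_side.cc. Setting IP_TRANSPARENT on Linux normally requires CAP_NET_ADMIN, so unless the process retains that capability after dropping root, this path may be unable to bind to the client's address. The hunk does not show how a negative `fd` is handled afterwards. A comment stating the requirement would help, such as `/* COMM_TRANSPARENT needs CAP_NET_ADMIN to still be held here */`. connectStart()'s body continues outside the hunk.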
@@ -1262,6 +1265,11 @@ getOutgoingAddr(HttpRequest * request)
 {
     ACLChecklist ch;
 
+#if LINUX_TPROXY4
+    if (request && request->flags.tproxy)
+        return request->client_addr;
+#endif
+
     if (request)
     {
         ch.src_addr = request->client_addr;
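Review bot: The early return hands back `request->client_addr` unchanged and skips the ACL checklist path that begins at `ch.src_addr = request->client_addr;`, so for tproxy requests whatever outgoing-address selection follows (presumably policy-driven) is bypassed, and no comment says so. If client_addr also carries the client's source port (not visible here), binding the outgoing socket to it would pin each upstream connection to that port and can collide on reuse; returning a copy with the port cleared would avoid that. `ACLChecklist ch;` is constructed before the early return and unused on that path, so the new block could sit above it. getOutgoingAddr()'s body continues outside the hunk.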