Author: Mikio Kishi <mkishi@104.net>

Enable TPROXY v4 spoofing of CONNECT requests

with some code polish sourced from ViSolve

diff --git a/src/forward.cc b/src/forward.cc
index 5ebffc30b88dfa2405f0668d634073a3cd09bba4..076b72aa84f0cfc118c76e1dcbea4cea4ed8a321 100644 (file)
--- a/src/forward.cc
+++ b/src/forward.cc
@@ -860,12 +860,13 @@ FwdState::connectStart()
 
     debugs(17, 3, "fwdConnectStart: got outgoing addr " << outgoing << ", tos " << tos);
 
+    int flags = COMM_NONBLOCKING;
     if (request->flags.spoof_client_ip) {
-        fd = comm_openex(SOCK_STREAM, IPPROTO_TCP, outgoing, (COMM_NONBLOCKING|COMM_TRANSPARENT), tos, url);
-    } else {
-        fd = comm_openex(SOCK_STREAM, IPPROTO_TCP, outgoing, COMM_NONBLOCKING, tos, url);
+        flags |= COMM_TRANSPARENT;
     }
 
+    fd = comm_openex(SOCK_STREAM, IPPROTO_TCP, outgoing, flags, tos, url);
+
     debugs(17, 3, "fwdConnectStart: got TCP FD " << fd);
 
     if (fd < 0) {

diff --git a/src/tunnel.cc b/src/tunnel.cc
index 5b6635fc4635b249e5646e2b664d34da2cc3abe7..e20ff11a2547f1be55b8d66c0421abe8d26ac1f4 100644 (file)
--- a/src/tunnel.cc
+++ b/src/tunnel.cc
@@ -636,10 +636,14 @@ tunnelStart(ClientHttpRequest * http, int64_t * size_ptr, int *status_ptr)
     statCounter.server.other.requests++;
     /* Create socket. */
     IpAddress temp = getOutgoingAddr(request,NULL);
+    int flags = COMM_NONBLOCKING;
+    if (request->flags.spoof_client_ip) {
+        flags |= COMM_TRANSPARENT;
+    }
     sock = comm_openex(SOCK_STREAM,
                        IPPROTO_TCP,
                        temp,
-                       COMM_NONBLOCKING,
+                       flags,
                        getOutgoingTOS(request),
                        url);