o Minor features:
- Add support for the TPROXY transparent proxying facility on Linux.
- See documentation for the new TransTRPOXY option for more details.
+ See documentation for the new TransProxyType option for more details.
Implementation by "thomo". Closes ticket 10582.
compatibility, TransListenAddress is only allowed when TransPort is just
a port number.)
-[[TransTPROXY]] **TransTPROXY** **0**|**1**::
- TransTPROXY may only be enabled when there is transparent proxy listener
- enabled and only for Linux.
+[[TransProxyType]] **TransProxyTYpe** **default**|**TPROXY**::
+ TransProxyType may only be enabled when there is transparent proxy listener
+ enabled.
+
- Set this 1 if you wish to be able to use the TPROXY linux module to
+ Set this to TPROXY if you wish to be able to use the TPROXY Linux module to
transparently proxy connections that are configured using the TransPort
option. This setting lets the listener on the TransPort accept connections
for all addresses, even when the TransListenAddress is configured for an
internal address. Detailed information on how to configure the TPROXY
- feature can be found in the Linux kernel source tree in the file
+ feature can be found in the Linux kernel source tree in the file
Documentation/networking/tproxy.txt.
- (Default: 0)
+ +
+ Set this to "default", or leave it unconfigured, to use regular IPTables
+ on Linux, or to use pf on the *BSD operating systems.
+ +
+ (Default: "default".)
[[NATDPort]] **NATDPort** \['address':]__port__|**auto** [_isolation flags_]::
Open this port to listen for connections from old versions of ipfw (as
OBSOLETE("TrafficShaping"),
V(TransListenAddress, LINELIST, NULL),
VPORT(TransPort, LINELIST, NULL),
- V(TransTPROXY, BOOL, "0"),
+ V(TransProxyType, STRING, "default"),
V(TunnelDirConns, BOOL, "1"),
V(UpdateBridgesFromAuthority, BOOL, "0"),
V(UseBridges, BOOL, "0"),
"undefined, and there aren't any hidden services configured. "
"Tor will still run, but probably won't do anything.");
+ options->TransProxyType_parsed = TPT_DEFAULT;
#ifdef USE_TRANSPARENT
- if (options->TransTPROXY) {
+ if (options->TransProxyType) {
+ if (!strcasecmp(options->TransProxyType, "default")) {
+ options->TransProxyType_parsed = TPT_DEFAULT;
+ } else if (!strcasecmp(options->TransProxyType, "tproxy")) {
#ifndef __linux__
- REJECT("TransTPROXY is a Linux-specific feature.")
+ REJECT("TPROXY is a Linux-specific feature.");
+#else
+ options->TransProxyType_parsed = TPT_TPROXY;
#endif
- if (!options->TransPort_set) {
- REJECT("Cannot use TransTPROXY without any valid TransPort or "
+ } else {
+ REJECT("Unrecognized value for TransProxyType");
+ }
+
+ if (strcasecmp(options->TransProxyType, "default") &&
+ !options->TransPort_set) {
+ REJECT("Cannot use TransProxyType without any valid TransPort or "
"TransListenAddress.");
}
}
#else
- if (options->TransPort_set || options->TransTPROXY)
- REJECT("TransPort, TransListenAddress, and TransTPROXY are disabled "
+ if (options->TransPort_set)
+ REJECT("TransPort and TransListenAddress are disabled "
"in this build.");
#endif
make_socket_reuseable(s);
#if defined USE_TRANSPARENT && defined(IP_TRANSPARENT)
- if (options->TransTPROXY && type == CONN_TYPE_AP_TRANS_LISTENER) {
+ if (options->TransProxyType_parsed == TPT_TPROXY &&
+ type == CONN_TYPE_AP_TRANS_LISTENER) {
int one = 1;
if (setsockopt(s, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0) {
const char *extra = "";
config_line_t *SocksPort_lines;
/** Ports to listen on for transparent pf/netfilter connections. */
config_line_t *TransPort_lines;
- int TransTPROXY; /** < Boolean: are we going to listen for all destinations
- * on the TransPort_lines are required for TPROXY? */
+ const char *TransProxyType; /**< What kind of transparent proxy
+ * implementation are we using? */
+ /** Parsed value of TransProxyType. */
+ enum { TPT_DEFAULT, TPT_TPROXY } TransProxyType_parsed;
config_line_t *NATDPort_lines; /**< Ports to listen on for transparent natd
* connections. */
config_line_t *ControlPort_lines; /**< Ports to listen on for control
projects / thirdparty / tor.git / commitdiff
