Move the friendly warning about TPROXY and root to EPERM time

I'm doing this because:
   * User doesn't mean you're running as root, and running as root
     doesn't mean you've set User.
   * It's possible that the user has done some other
     capability-based hack to retain the necessary privileges.

diff --git a/src/or/config.c b/src/or/config.c
index a2366c06fac1cff3d7c6beb73e5685138af59be2..c921bb7317e0d01185c98548780f4c719b549737 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -2540,13 +2540,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
       REJECT("Cannot use TransTPROXY without any valid TransPort or "
              "TransListenAddress.");
     }
-    /* Friendly suggestion about running as root initially. */
-    if (!options->User) {
-      log_warn(LD_CONFIG,
-               "You have enabled TransTPROXY but have not specified the "
-               "\"User\" option. TransTPROXY will not function without "
-               "root privileges.");
-    }
   }
 #else
   if (options->TransPort_set || options->TransTPROXY)

diff --git a/src/or/connection.c b/src/or/connection.c
index 7d8feeb95ce4194d14c8a780f0e87a9ed57b65fa..6dbba668c663e7700e00757b6940fd3031024da7 100644 (file)
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1039,9 +1039,13 @@ connection_listener_new(const struct sockaddr *listensockaddr,
     if (options->TransTPROXY && type == CONN_TYPE_AP_TRANS_LISTENER) {
       int one = 1;
       if (setsockopt(s, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0) {
+        const char *extra = "";
         int e = tor_socket_errno(s);
-        log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s",
-                 tor_socket_strerror(e));
+        if (e == EPERM)
+          extra = "TransTPROXY requires root privileges or similar"
+            " capabilities.";
+        log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s",
+                 tor_socket_strerror(e), extra);
       }
     }
 #endif