
Something

#2120997 ·published 2012-02-23 09:51 UTC
diff --git a/src/comm.cc b/src/comm.cc
index 3a90a04..0545c26 100644
--- a/src/comm.cc
+++ b/src/comm.cc
@@ -496,9 +496,20 @@ comm_set_transparent(int fd)
         /* mark the socket as having transparent options */
         fd_table[fd].flags.transparent = 1;
     }
+#elif _SQUID_OPENBSD_
+    int tos = 1;
+    enter_suid();
+    if (setsockopt(fd, SOL_SOCKET, SO_BINDANY, (char *) &tos, sizeof(int)) < 0) {
+        debugs(50, DBG_IMPORTANT, "comm_open: setsockopt(SO_BINDANY) on FD " << fd << ": " << xstrerror());
+    } else {
+        /* mark the socket as having transparent options */
+        fd_table[fd].flags.transparent = 1;
+    }
+    leave_suid();
 #else
     debugs(50, DBG_CRITICAL, "WARNING: comm_open: setsockopt(IP_TRANSPARENT) not supported on this platform");
 #endif /* sockopt */
+
 }
 
 /**
diff --git a/src/ip/Intercept.cc b/src/ip/Intercept.cc
index 446b3ea..64e0891 100644
--- a/src/ip/Intercept.cc
+++ b/src/ip/Intercept.cc
@@ -141,7 +141,7 @@ Ip::Intercept::NetfilterInterception(const Comm::ConnectionPointer &newConn, int
 bool
 Ip::Intercept::NetfilterTransparent(const Comm::ConnectionPointer &newConn, int silent)
 {
-#if LINUX_NETFILTER
+#if LINUX_NETFILTER || _SQUID_OPENBSD_
     /* Trust the user configured properly. If not no harm done.
      * We will simply attempt a bind outgoing on our own IP.
      */
@@ -428,8 +428,36 @@ Ip::Intercept::ProbeForTproxy(Ip::Address &test)
         }
     }
 
-#else /* undefined IP_TRANSPARENT */
-    debugs(3, 3, "setsockopt(IP_TRANSPARENT) not supported on this platform. Disabling TPROXYv4.");
+#elif _SQUID_OPENBSD_
+    debugs(3, 3, "Detect BINDANY support on port " << test);
+
+    int tos = 1;
+    int tmp_sock = -1;
+
+    if (test.IsIPv6()) {
+        debugs(3, 3, "...Probing for IPv6 SO_BINDANY support.");
+
+        struct sockaddr_in6 tmp_ipv6;
+        struct in6_addr tempaddr = { };
+        if (!IN6_IS_ADDR_UNSPECIFIED(&tempaddr)) {
+            inet_pton(AF_INET6, "2001:db8:100::1", &tempaddr);
+        tmp_ipv6.sin6_addr = tempaddr;
+        tmp_ipv6.sin6_family = AF_INET6;
+        tmp_ipv6.sin6_port = htons(0);
+
+        enter_suid();
+        if ((tmp_sock = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP)) >=0 &&
+            (setsockopt(tmp_sock, SOL_SOCKET, SO_BINDANY, (char *)&tos,
+                       sizeof(tos)) == 0) &&
+            (bind(tmp_sock, (struct sockaddr*)&tmp_ipv6, sizeof(struct sockaddr_in6)) == 0)) {
+            leave_suid();
+            debugs(3, 3, "IPv6 BINDANY support detected. Using.");
+            close(tmp_sock);
+            return true;
+        }
+    }
 #endif
+
+    debugs(3, 3, "setsockopt(IP_TRANSPARENT) not supported on this platform. Disabling TPROXYv4.");
+
     return false;
 }
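Review bot: The privileged window in the `#elif _SQUID_OPENBSD_` branch added to comm_set_transparent (src/comm.cc) is wider than the one call that needs it: `enter_suid()` is taken before `setsockopt(SO_BINDANY)`, but `leave_suid()` only runs after the debugs() call and the fd_table update. Capturing the result and dropping privileges at once, `const int rc = setsockopt(fd, SOL_SOCKET, SO_BINDANY, (char *) &tos, sizeof(tos)); const int savedErrno = errno; leave_suid();`, then restoring `errno = savedErrno;` before the message is built and branching on `rc`, keeps root to a single syscall. The branch is selected by `_SQUID_OPENBSD_` alone; also requiring `defined(SO_BINDANY)` would presumably keep the build working where the system headers lack the option, which is worth confirming against the supported releases. The start of comm_set_transparent is outside the hunk.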
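Review bot: On the failure path of the OpenBSD probe added to Ip::Intercept::ProbeForTproxy the process stays elevated and the socket leaks, because `leave_suid()` and `close(tmp_sock)` are only reached when socket(), setsockopt(SO_BINDANY) and bind() all succeed. The same block leaves `if (!IN6_IS_ADDR_UNSPECIFIED(&tempaddr)) {` without a closing brace, and since `tempaddr` is zero-initialised that condition looks always false, so the test address would never be set; `tmp_ipv6` is also passed to bind() without being zeroed first. The version below sets the address unconditionally, drops privileges right after the privileged calls on every path and always closes the descriptor. ProbeForTproxy starts outside the hunk.

```cpp
    if (test.IsIPv6()) {
        // … unchanged: "Probing for IPv6 SO_BINDANY support" debug line …

        struct sockaddr_in6 tmp_ipv6;
        memset(&tmp_ipv6, 0, sizeof(tmp_ipv6));
        inet_pton(AF_INET6, "2001:db8:100::1", &tmp_ipv6.sin6_addr);
        tmp_ipv6.sin6_family = AF_INET6;
        tmp_ipv6.sin6_port = htons(0);

        bool bindany = false;
        enter_suid();
        if ((tmp_sock = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP)) >= 0) {
            bindany = setsockopt(tmp_sock, SOL_SOCKET, SO_BINDANY, (char *)&tos, sizeof(tos)) == 0 &&
                      bind(tmp_sock, (struct sockaddr*)&tmp_ipv6, sizeof(tmp_ipv6)) == 0;
        }
        leave_suid(); // drop privileges whether or not the probe succeeded

        if (tmp_sock >= 0)
            close(tmp_sock);

        if (bindany) {
            debugs(3, 3, "IPv6 BINDANY support detected. Using.");
            return true;
        }
    }
```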