Peter Pentchev wrote:
Okay, what do people think about the attached patch that is based on Jason Helfman's work in a FreeBSD PR, but abstracts the transparent proxying option (and the setsockopt() level, and the option's name) so that it supports *both* the Linux IP_TRANSPARENT implementation and *BSD's IP_BINDANY one, and leaves the door open for others in the future?
I'm about to commit this patch to the FreeBSD port of stunnel in a couple of minutes; of course, it's up to Michal Trojnara to decide whether to integrate it upstream in this or any other shape or form :)
I appreciate your understanding of my principles. 8-)
I think the code should look something like:
    memcpy(&addr, &c->bind_addr.addr[0], sizeof addr);
    /* non-local bind on FreeBSD */
    #if defined(IP_BINDANY) && defined(IPV6_BINDANY)
    int on=1;
    if(c->opt->option.transparent) {
        if(addr.sa.sa_family==AF_INET) { /* IPv4 */
            if(setsockopt(c->fd, IPPROTO_IP, IP_BINDANY, &on, sizeof on)) {
                sockerror("setsockopt IP_BINDANY");
                longjmp(c->err, 1);
            }
        } else { /* IPv6 */
            if(setsockopt(c->fd, IPPROTO_IPV6, IPV6_BINDANY, &on, sizeof on)) {
                sockerror("setsockopt IPV6_BINDANY");
                longjmp(c->err, 1);
            }
        }
    }
    #endif /* non-local bind on FreeBSD */
Unfortunately I don't have any FreeBSD system configured to test it. Can you please do it for me and let me know if it compiles/works?
Mike
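
The abstraction discussed in this thread (one code path that picks the setsockopt() level and option name for either Linux IP_TRANSPARENT or *BSD IP_BINDANY), sketched as an added example; it is not code from stunnel or from either patch, and the function names transparent_opt() and enable_transparent() are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Hypothetical helper: choose the setsockopt() level and option that
 * permit binding to a non-local address. Returns 0 and fills *level and
 * *optname, or -1 when this platform/address family has no such option. */
int transparent_opt(int family, int *level, int *optname) {
    if (family == AF_INET) {
#if defined(IP_TRANSPARENT)                 /* Linux */
        *level = IPPROTO_IP; *optname = IP_TRANSPARENT; return 0;
#elif defined(IP_BINDANY)                   /* FreeBSD */
        *level = IPPROTO_IP; *optname = IP_BINDANY; return 0;
#endif
    } else if (family == AF_INET6) {
#if defined(IPV6_TRANSPARENT)               /* Linux */
        *level = IPPROTO_IPV6; *optname = IPV6_TRANSPARENT; return 0;
#elif defined(IPV6_BINDANY)                 /* FreeBSD */
        *level = IPPROTO_IPV6; *optname = IPV6_BINDANY; return 0;
#endif
    }
    (void)level; (void)optname;             /* unused when nothing matched */
    return -1;
}

/* Hypothetical helper: enable the option on fd. Returns 0 on success,
 * -1 with errno set (ENOPROTOOPT when no option exists for this family). */
int enable_transparent(int fd, int family) {
    int level = 0, optname = 0, on = 1;
    if (transparent_opt(family, &level, &optname) != 0) {
        errno = ENOPROTOOPT;
        return -1;
    }
    return setsockopt(fd, level, optname, &on, sizeof on);
}

int main(void) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) { perror("socket"); return 1; }
    if (enable_transparent(fd, AF_INET) != 0)
        perror("enable_transparent");       /* EPERM when run unprivileged */
    close(fd);
    return 0;
}
```

Both options are privileged, so the caller has to treat a failed setsockopt() as a hard error rather than silently falling back to a normal bind.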