[stunnel-users] Stunnel forwarding IP
Michal Trojnara
Michal.Trojnara at mirt.net
Sat Jan 15 22:13:02 CET 2011
Peter Pentchev wrote:
> Okay, what do people think about the attached patch that is based on
> Jason Helfman's work in a FreeBSD PR, but abstracts the transparent
> proxying option (and the setsockopt() level, and the option's name)
> so that it supports *both* the Linux IP_TRANSPARENT implementation and
> *BSD's IP_BINDANY one, and leaves the door open for others in the
> future?
>
> I'm about to commit this patch to the FreeBSD port of stunnel in
> a couple of minutes; of course, it's up to Michal Trojnara to decide
> whether to integrate it upstream in this or any other shape or form :)
I appreciate your understanding of my principles. 8-)
I think the code should look something like:
memcpy(&addr, &c->bind_addr.addr[0], sizeof addr);
/* non-local bind on FreeBSD */
#if defined(IP_BINDANY) && defined(IPV6_BINDANY)
int on=1;
if(c->opt->option.transparent) {
if(addr.sa.sa_family==AF_INET) { /* IPv4 */
if(setsockopt(c->fd, IPPROTO_IP, IP_BINDANY, &on, sizeof
on)) {
sockerror("setsockopt IP_BINDANY");
longjmp(c->err, 1);
}
} else { /* IPv6 */
if(setsockopt(c->fd, IPPROTO_IPV6, IPV6_BINDANY, &on,
sizeof on)) {
sockerror("setsockopt IPV6_BINDANY");
longjmp(c->err, 1);
}
}
}
#endif /* non-local bind on FreeBSD */
Unfortunately I don't have any FreeBSD system configured to test it.
Can you please do it for me and let me know if it compiles/works?
Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20110115/e4441698/attachment.sig>
More information about the stunnel-users
mailing list