
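--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1177,8 +1177,12 @@
   /* Open /dev/pf before dropping privileges. */
   if (options->TransPort_set) {
     if (get_pf_socket() < 0) {
+#ifndef __FreeBSD__
       *msg = tor_strdup("Unable to open /dev/pf for transparent proxy.");
       goto rollback;
+#else
+      /* Assume ipfw(8) is in use on FreeBSD. */
+#endif
     }
   }
 #endif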
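Review bot: The new `#else` branch inside the `get_pf_socket() < 0` block holds only a comment, so on FreeBSD a failed open of /dev/pf before the privilege drop is accepted with no log line and no look at why it failed. A host that actually redirects with pf but cannot open the device (a permissions problem, say) would start normally and leave the operator nothing to diagnose from. I would at least record the assumption, e.g. `log_notice(LD_CONFIG, "Unable to open /dev/pf; assuming ipfw(8) handles TransPort redirection.");`, and keep the hard failure for errors other than a missing device if errno is still reliable at this point. The warning suppressed in the first hunk of src/or/connection_edge.c has the same gap. The enclosing function starts and ends outside the hunk.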
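--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2222,7 +2222,13 @@
 #endif
 
   if (pf < 0) {
+#ifndef __FreeBSD__
     log_warn(LD_NET, "open(\"/dev/pf\") failed: %s", strerror(errno));
+#else
+    /* FreeBSD has two mutually exclusive firewalls: ipfw(8) and pf(8).
+       If there is no /dev/pf we assume that ipfw(8) is used to route
+       connections to us. So no warning here. */
+#endif
     return -1;
   }
 
@@ -2275,6 +2281,32 @@
     return -1;
   }
 
+  pf = get_pf_socket();
+  if (pf<0) {
+#ifndef __FreeBSD__
+    return -1;
+#else
+    /* ipfw(8) is used and in this case getsockname returned the original
+       destination */
+    if (proxy_sa->sa_family == AF_INET) {
+      struct sockaddr_in *dest_addr4 = (struct sockaddr_in *)proxy_sa;
+      tor_addr_from_ipv4n(&addr, dest_addr4->sin_addr.s_addr);
+      req->port = ntohs(dest_addr4->sin_port);
+    } else if (proxy_sa->sa_family == AF_INET6) {
+      struct sockaddr_in6 *dest_addr6 = (struct sockaddr_in6 *)proxy_sa;
+      tor_addr_from_in6(&addr, &dest_addr6->sin6_addr);
+      req->port = ntohs(dest_addr6->sin6_port);
+    } else {
+      tor_fragile_assert();
+      return -1;
+    }
+
+    tor_addr_to_str(req->address, &addr, sizeof(req->address), 0);
+
+    return 0;
+#endif
+  }
+
   memset(&pnl, 0, sizeof(pnl));
   pnl.proto           = IPPROTO_TCP;
   pnl.direction       = PF_OUT;
@@ -2299,10 +2331,6 @@
     return -1;
   }
 
-  pf = get_pf_socket();
-  if (pf<0)
-    return -1;
-
   if (ioctl(pf, DIOCNATLOOK, &pnl) < 0) {
     log_warn(LD_NET, "ioctl(DIOCNATLOOK) failed: %s", strerror(errno));
     return -1;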
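Review bot: In the second hunk the FreeBSD branch accepts the getsockname() result in `proxy_sa` as the original destination whenever `get_pf_socket()` fails, whatever the cause, although the comment in the first hunk only argues for the case where /dev/pf does not exist. If the connection was in fact redirected by pf and the device merely could not be opened, that address is presumably the TransPort listener's own, so the request would be sent to the wrong destination, and the first hunk has removed the only warning. Restricting the silent path to the missing-device case would address this, e.g. in the first hunk's FreeBSD branch `if (errno != ENOENT) log_warn(LD_NET, "open(\"/dev/pf\") failed: %s", strerror(errno));`, and the fallback here could log the address it chose at debug level. Both enclosing functions start and end outside the hunks shown.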
