FreeBSD Bugzilla – Attachment 155483 Details for
Bug 199381
[security/tor] [PATCH] Make tor able to work with ipfw(8)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch
patch-zz-yuri.patch (text/plain), 2.10 KB, created by
Yuri Victorovich
on 2015-04-11 23:12:17 UTC
(
hide
)
Description:
patch
Filename:
MIME Type:
Creator:
Yuri Victorovich
Created:
2015-04-11 23:12:17 UTC
Size:
2.10 KB
patch
obsolete
>--- src/or/config.c 2013-12-02 00:49:44.000000000 -0800 >+++ src/or/config.c 2013-12-02 00:59:06.000000000 -0800 >@@ -1177,8 +1177,12 @@ > /* Open /dev/pf before dropping privileges. */ > if (options->TransPort_set) { > if (get_pf_socket() < 0) { >+#ifndef __FreeBSD__ > *msg = tor_strdup("Unable to open /dev/pf for transparent proxy."); > goto rollback; >+#else >+ /* Assume ipfw(8) is in use on FreeBSD. */ >+#endif > } > } > #endif >--- src/or/connection_edge.c 2013-12-02 00:49:44.000000000 -0800 >+++ src/or/connection_edge.c 2013-12-02 01:19:09.000000000 -0800 >@@ -2222,7 +2222,13 @@ > #endif > > if (pf < 0) { >+#ifndef __FreeBSD__ > log_warn(LD_NET, "open(\"/dev/pf\") failed: %s", strerror(errno)); >+#else >+ /* FreeBSD has two mutually exclusive firewalls: ipfw(8) and pf(8). >+ If there is no /dev/pf we assume that ipfw(8) is used to route >+ connections to us. So no warning here. */ >+#endif > return -1; > } > >@@ -2275,6 +2281,32 @@ > return -1; > } > >+ pf = get_pf_socket(); >+ if (pf<0) { >+#ifndef __FreeBSD__ >+ return -1; >+#else >+ /* ipfw(8) is used and in this case getsockname returned the original >+ destination */ >+ if (proxy_sa->sa_family == AF_INET) { >+ struct sockaddr_in *dest_addr4 = (struct sockaddr_in *)proxy_sa; >+ tor_addr_from_ipv4n(&addr, dest_addr4->sin_addr.s_addr); >+ req->port = ntohs(dest_addr4->sin_port); >+ } else if (proxy_sa->sa_family == AF_INET6) { >+ struct sockaddr_in6 *dest_addr6 = (struct sockaddr_in6 *)proxy_sa; >+ tor_addr_from_in6(&addr, &dest_addr6->sin6_addr); >+ req->port = ntohs(dest_addr6->sin6_port); >+ } else { >+ tor_fragile_assert(); >+ return -1; >+ } >+ >+ tor_addr_to_str(req->address, &addr, sizeof(req->address), 0); >+ >+ return 0; >+#endif >+ } >+ > memset(&pnl, 0, sizeof(pnl)); > pnl.proto = IPPROTO_TCP; > pnl.direction = PF_OUT; >@@ -2299,10 +2331,6 @@ > return -1; > } > >- pf = get_pf_socket(); >- if (pf<0) >- return -1; >- > if (ioctl(pf, DIOCNATLOOK, &pnl) < 0) { > log_warn(LD_NET, "ioctl(DIOCNATLOOK) failed: %s", strerror(errno)); > return -1;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=155483">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 199381
: 155483