TransPort, DNSPort, and pf
Nick Mathewson
nickm at freehaven.net
Sat Jan 1 04:56:37 UTC 2011
On Fri, Dec 31, 2010 at 4:13 AM, Scott Bennett <bennett at cs.niu.edu> wrote:
> On Fri, 31 Dec 2010 03:49:24 -0500 Roger Dingledine <arma at mit.edu> wrote:
>>On Fri, Dec 31, 2010 at 12:53:10AM -0600, Scott Bennett wrote:
[...]
>>> It
>>> seems to me that neither should be necessary and that tor should not access
>>> /dev/pf.
>>
>>Do you know another way to do transparent proxying on BSD? I confess
>>that Linux's way (a getsockopt call) does look simpler. :)
>>
> I've never delved into this at all. I guess I'll just leave it as is
> and let tor's startup phase as root handle it in the future. What does LINUX's
> getsockopt() return that FreeBSD's doesn't?
Check out connection_ap_get_original_destination: on Linux, it does

    /* SO_ORIGINAL_DST is defined in <linux/netfilter_ipv4.h> */
    struct sockaddr_storage orig_dst;
    socklen_t orig_dst_len = sizeof(orig_dst);
    getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&orig_dst,
               &orig_dst_len);

So SO_ORIGINAL_DST is the magical sockopt here.
happy 2011,
--
Nick
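
Added example (not part of the message above and not Tor's source): the SO_ORIGINAL_DST lookup wrapped in a checked function, run against a constructed loopback connection. The names original_dst and loopback_accept are hypothetical; it assumes Linux and IPv4, and with no netfilter REDIRECT rule in place the call either fails (for example with ENOENT) or reports the listener's own address.

```c
/* Added example (Linux); original_dst and loopback_accept are hypothetical names. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* value defined in <linux/netfilter_ipv4.h> */
#endif

/* 0 on success with host/port filled in; -1 with errno set otherwise. */
int original_dst(int fd, char *host, socklen_t hostlen, unsigned *port) {
    struct sockaddr_storage orig_dst;
    socklen_t orig_dst_len = sizeof(orig_dst);
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST,
                   (struct sockaddr *)&orig_dst, &orig_dst_len) < 0)
        return -1; /* e.g. ENOENT when conntrack has no entry for the flow */
    if (orig_dst.ss_family != AF_INET) { errno = EAFNOSUPPORT; return -1; }
    const struct sockaddr_in *sin = (const struct sockaddr_in *)&orig_dst;
    if (!inet_ntop(AF_INET, &sin->sin_addr, host, hostlen)) return -1;
    *port = ntohs(sin->sin_port);
    return 0;
}

/* Constructed input: accepted loopback fd with no REDIRECT rule; -1 on failure. */
int loopback_accept(unsigned *lport) {
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t alen = sizeof(a);
    int fd = -1, l = socket(AF_INET, SOCK_STREAM, 0), c = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    if (l >= 0 && c >= 0 && bind(l, (struct sockaddr *)&a, alen) == 0 &&
        listen(l, 1) == 0 && getsockname(l, (struct sockaddr *)&a, &alen) == 0 &&
        connect(c, (struct sockaddr *)&a, alen) == 0)
        fd = accept(l, NULL, NULL);
    *lport = ntohs(a.sin_port);
    if (l >= 0) close(l);
    if (c >= 0) close(c);
    return fd;
}

int main(void) {
    char host[INET_ADDRSTRLEN]; unsigned port, lport;
    int fd = loopback_accept(&lport);
    if (fd >= 0 && original_dst(fd, host, sizeof(host), &port) == 0)
        printf("original destination %s:%u\n", host, port);
    else
        perror("no original destination");
    return 0;
}
```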
More information about the tor-relays mailing list