Re: TransPort, DNSPort, and pf
- To: tor-relays@xxxxxxxxxxxxxx
- Subject: Re: TransPort, DNSPort, and pf
- From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
- Date: Fri, 31 Dec 2010 23:56:37 -0500
On Fri, Dec 31, 2010 at 4:13 AM, Scott Bennett <bennett@xxxxxxxxxx> wrote:
> On Fri, 31 Dec 2010 03:49:24 -0500 Roger Dingledine <arma@xxxxxxx> wrote:
>>On Fri, Dec 31, 2010 at 12:53:10AM -0600, Scott Bennett wrote:
[...]
>>> It
>>> seems to me that neither should be necessary and that tor should not access
>>> /dev/pf.
>>
>>Do you know another way to do transparent proxying on BSD? I confess
>>that Linux's way (a getsockopt call) does look simpler. :)
>>
> I've never delved into this at all. I guess I'll just leave it as is
> and let tor's startup phase as root handle it in the future. What does LINUX's
> getsockopt() return that FreeBSD's doesn't?
Check out connection_ap_get_original_destination: on Linux, it does

    struct sockaddr_storage orig_dst;
    socklen_t orig_dst_len = sizeof(orig_dst);
    getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&orig_dst,
               &orig_dst_len)

So SO_ORIGINAL_DST is the magical sockopt here.
happy 2011,
--
Nick
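
The getsockopt() call quoted in the message above, wrapped in a complete function with error handling, as an added example (not Tor's code and not part of the original message). The name original_dst() and the direct-connection check are assumptions of this example, which handles IPv4 TCP sockets only.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* same value as in <linux/netfilter_ipv4.h> */
#endif

/* Added example; original_dst() is a hypothetical name, not a Tor function.
 * Fill *dst with the address the client originally dialed (IPv4 TCP only).
 * Returns 1 if netfilter rewrote the destination (REDIRECT/DNAT), 0 if the
 * client connected to this socket directly, -1 on error. A transparent proxy
 * should refuse the 0 case: relaying to *dst would connect back to itself. */
int original_dst(int fd, struct sockaddr_in *dst)
{
    struct sockaddr_in local;
    socklen_t len = sizeof(local);
    if (getsockname(fd, (struct sockaddr *)&local, &len) < 0 ||
        local.sin_family != AF_INET)
        return -1;
    len = sizeof(*dst);
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, dst, &len) < 0) {
        /* Typically ENOENT (no conntrack entry) or ENOPROTOOPT (conntrack
         * not loaded): no NAT mapping is known, so report a direct hit. */
        *dst = local;
        return 0;
    }
    return dst->sin_addr.s_addr != local.sin_addr.s_addr ||
           dst->sin_port != local.sin_port;
}

/* Constructed demo: a loopback connection with no redirect rule in place. */
int main(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET }, d;
    socklen_t al = sizeof(a);
    int ls = socket(AF_INET, SOCK_STREAM, 0), c = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    if (bind(ls, (struct sockaddr *)&a, sizeof(a)) || listen(ls, 1) ||
        getsockname(ls, (struct sockaddr *)&a, &al) ||
        connect(c, (struct sockaddr *)&a, sizeof(a)))
        return 1;
    int s = accept(ls, NULL, NULL);
    int r = original_dst(s, &d);
    printf("redirected=%d original=%s:%u\n", r, inet_ntoa(d.sin_addr), ntohs(d.sin_port));
    close(s); close(c); close(ls);
    return r < 0;
}
```

With a REDIRECT rule in front of the listener, the same call returns 1 and *dst holds the address the client was actually trying to reach.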