ipfw TransPort support on FreeBSD (10267)

This isn't on by default; to get it, you need to set "TransProxyType
ipfw".  (The original patch had automatic detection for whether
/dev/pf is present and openable, but that seems marginally fragile.)

1 files changed, 7 insertions, 1 deletions

diff --git a/src/or/config.c b/src/or/config.c
index 4a6b30172c..55a23b1ce3 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1089,7 +1089,7 @@ options_act_reversible(const or_options_t *old_options, char **msg)
 
 #if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
   /* Open /dev/pf before dropping privileges. */
-  if (options->TransPort_set) {
+  if (options->TransPort_set && options->TransProxyType_parsed != TPT_IPFW) {
     if (get_pf_socket() < 0) {
       *msg = tor_strdup("Unable to open /dev/pf for transparent proxy.");
       goto rollback;
@@ -2559,6 +2559,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
 #else
       options->TransProxyType_parsed = TPT_TPROXY;
 #endif
+    } else if (!strcasecmp(options->TransProxyType, "ipfw")) {
+#ifndef __FreeBSD__
+      REJECT("ipfw is a FreeBSD-specific feature.");
+#else
+      options->TransProxyType_parsed = TPT_IPFW;
+#endif
     } else {
       REJECT("Unrecognized value for TransProxyType");
     }