summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--configure.ac35
-rw-r--r--src/or/connection_edge.c33
2 files changed, 66 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac
index e7560b2bfc..88b4da006d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -937,6 +937,14 @@ AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, net_pfvar_found=0,
#ifdef HAVE_NET_IF_H
#include <net/if.h>
#endif])
+
+AC_CHECK_HEADERS(linux/if.h,[],[],
+[
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+])
+
AC_CHECK_HEADERS(linux/netfilter_ipv4.h,
linux_netfilter_ipv4=1, linux_netfilter_ipv4=0,
[#ifdef HAVE_SYS_TYPES_H
@@ -958,6 +966,30 @@ AC_CHECK_HEADERS(linux/netfilter_ipv4.h,
#include <netinet/in.h>
#endif])
+AC_CHECK_HEADERS(linux/netfilter_ipv6/ip6_tables.h,
+ linux_netfilter_ipv6_ip6_tables=1, linux_netfilter_ipv6_ip6_tables=0,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+#ifdef HAVE_LINUX_TYPES_H
+#include <linux/types.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_LINUX_IF_H
+#include <linux/if.h>
+#endif])
+
if test x$transparent = xtrue ; then
transparent_ok=0
if test x$net_if_found = x1 && test x$net_pfvar_found = x1 ; then
@@ -966,6 +998,9 @@ if test x$transparent = xtrue ; then
if test x$linux_netfilter_ipv4 = x1 ; then
transparent_ok=1
fi
+ if test x$linux_netfilter_ipv6_ip6_tables = x1 ; then
+ transparent_ok=1
+ fi
if test x$transparent_ok = x1 ; then
AC_DEFINE(USE_TRANSPARENT, 1, "Define to enable transparent proxy support")
case $host in
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index a90ca00883..09645d04b9 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -46,8 +46,20 @@
#ifdef HAVE_LINUX_NETFILTER_IPV4_H
#include <linux/netfilter_ipv4.h>
#define TRANS_NETFILTER
+#define TRANS_NETFILTER_IPV4
#endif
+#ifdef HAVE_LINUX_IF_H
+#include <linux/if.h>
+#endif
+
+#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#define TRANS_NETFILTER
+#define TRANS_NETFILTER_IPV6
+#endif
+
+
#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
#include <net/if.h>
#include <net/pfvar.h>
@@ -1401,10 +1413,27 @@ destination_from_socket(entry_connection_t *conn, socks_request_t *req)
struct sockaddr_storage orig_dst;
socklen_t orig_dst_len = sizeof(orig_dst);
tor_addr_t addr;
+ int rv;
#ifdef TRANS_NETFILTER
- if (getsockopt(ENTRY_TO_CONN(conn)->s, SOL_IP, SO_ORIGINAL_DST,
- (struct sockaddr*)&orig_dst, &orig_dst_len) < 0) {
+ switch (ENTRY_TO_CONN(conn)->socket_family) {
+#ifdef TRANS_NETFILTER_IPV4
+ case AF_INET:
+ rv = getsockopt(ENTRY_TO_CONN(conn)->s, SOL_IP, SO_ORIGINAL_DST,
+ (struct sockaddr*)&orig_dst, &orig_dst_len);
+ break;
+#endif
+#ifdef TRANS_NETFILTER_IPV6
+ case AF_INET6:
+ rv = getsockopt(ENTRY_TO_CONN(conn)->s, SOL_IPV6, IP6T_SO_ORIGINAL_DST,
+ (struct sockaddr*)&orig_dst, &orig_dst_len);
+ break;
+#endif
+ default:
+ log_warn(LD_BUG, "Received transparent data from an unsuported socket family.");
+ return -1;
+ }
+ if (rv < 0) {
int e = tor_socket_errno(ENTRY_TO_CONN(conn)->s);
log_warn(LD_NET, "getsockopt() failed: %s", tor_socket_strerror(e));
return -1;