diff options
| author | Anton Khirnov <anton@khirnov.net> | 2020-08-26 12:32:27 +0200 |
|---|---|---|
| committer | rofl0r <rofl0r@users.noreply.github.com> | 2020-10-19 20:08:31 +0100 |
| commit | 3bb14e04405ef918487489abb644949d03d7baa8 (patch) | |
| tree | dd65d7c9e6a07aca0557833914f91e31f77be4c7 | |
| parent | 2b49ef0e0f653eec6a128050c12ae8f7d630b1af (diff) | |
Allow multiple Bind directives.
Try all the addresses specified with Bind in order. This is necessary
e.g. for maintaining IPv4+6 connectivity while still being restricted to
one interface.
| -rw-r--r-- | docs/man5/tinyproxy.conf.txt.in | 2 | ||||
| -rw-r--r-- | src/conf.c | 25 | ||||
| -rw-r--r-- | src/conf.h | 2 | ||||
| -rw-r--r-- | src/sock.c | 27 |
4 files changed, 47 insertions, 9 deletions
diff --git a/docs/man5/tinyproxy.conf.txt.in b/docs/man5/tinyproxy.conf.txt.in index 8a18d55..0629a9a 100644 --- a/docs/man5/tinyproxy.conf.txt.in +++ b/docs/man5/tinyproxy.conf.txt.in @@ -58,6 +58,8 @@ only on one specific address. This allows you to specify which address Tinyproxy will bind to for outgoing connections to web servers or upstream proxies. +This parameter may be specified multiple times, then Tinyproxy +will try all the specified addresses in order. =item B<BindSame> @@ -291,6 +291,7 @@ void free_config (struct config_s *conf) safefree (conf->group); stringlist_free(conf->basicauth_list); stringlist_free(conf->listen_addrs); + stringlist_free(conf->bind_addrs); #ifdef FILTER_ENABLE safefree (conf->filter); #endif /* FILTER_ENABLE */ @@ -302,7 +303,6 @@ void free_config (struct config_s *conf) free_upstream_list (conf->upstream_list); #endif /* UPSTREAM_SUPPORT */ safefree (conf->pidpath); - safefree (conf->bind_address); safefree (conf->via_proxy_name); if (conf->errorpages) { it = 0; @@ -796,12 +796,27 @@ static HANDLE_FUNC (handle_deny) static HANDLE_FUNC (handle_bind) { - int r = set_string_arg (&conf->bind_address, line, &match[2]); + char *arg = get_string_arg (line, &match[2]); + + if (arg == NULL) { + return -1; + } + + if (conf->bind_addrs == NULL) { + conf->bind_addrs = sblist_new(sizeof(char*), 16); + if (conf->bind_addrs == NULL) { + CP_WARN ("Could not create a list " + "of bind addresses.", ""); + safefree(arg); + return -1; + } + } + + sblist_add (conf->bind_addrs, &arg); - if (r) - return r; log_message (LOG_INFO, - "Outgoing connections bound to IP %s", conf->bind_address); + "Added bind address [%s] for outgoing connections.", arg); + return 0; } @@ -68,7 +68,7 @@ struct config_s { #endif /* UPSTREAM_SUPPORT */ char *pidpath; unsigned int idletimeout; - char *bind_address; + sblist *bind_addrs; unsigned int bindsame; /* @@ -34,6 +34,7 @@ #include "text.h" #include "conf.h" #include "loop.h" +#include "sblist.h" /* * Return a human readable error for getaddrinfo() and getnameinfo(). @@ -87,6 +88,26 @@ bind_socket (int sockfd, const char *addr, int family) return sockfd; } +/** + * Try binding the given socket to supplied addresses, stopping when one succeeds. + */ +static int +bind_socket_list (int sockfd, sblist *addresses, int family) +{ + size_t nb_addresses = sblist_getsize(addresses); + size_t i; + + for (i = 0; i < nb_addresses; i++) { + const char *address = *(const char **)sblist_get(addresses, i); + if (bind_socket(sockfd, address, family) >= 0) { + log_message(LOG_INFO, "Bound to %s", address); + return 0; + } + } + + return -1; +} + /* * Open a connection to a remote host. It's been re-written to use * the getaddrinfo() library function, which allows for a protocol @@ -134,9 +155,9 @@ int opensock (const char *host, int port, const char *bind_to) close (sockfd); continue; /* can't bind, so try again */ } - } else if (config->bind_address) { - if (bind_socket (sockfd, config->bind_address, - res->ai_family) < 0) { + } else if (config->bind_addrs) { + if (bind_socket_list (sockfd, config->bind_addrs, + res->ai_family) < 0) { close (sockfd); continue; /* can't bind, so try again */ } |