dlundquist / sniproxy

Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session.
BSD 2-Clause "Simplified" License

Transparent proxy not supported on this platform, on FreeBSD 11.2 #315

Open clodez opened 5 years ago

clodez commented 5 years ago

Hello,

I am trying to create a transparent setup. I am using sniproxy v 0.6.0 from ports on FreeBSD 11.2. In my config I am using "user root"; nevertheless, I am getting this error in the log:

2018-12-13 00:08:03 Transparent proxy not supported on this platform.
2018-12-13 00:08:03 error parsing /usr/local/etc/sniproxy.conf at 413 near:
2018-12-13 00:08:03 393 .18.35

2018-12-13 00:08:03 400 source client

And of course sniproxy is not starting. Please advise.

dlundquist commented 5 years ago

@clodez The current transparent mode support uses the Linux-specific IP_TRANSPARENT option. This is not present in FreeBSD, but there is a similar IP_BINDANY option. I'm not sure how much work it would be to support both, but it shouldn't be too difficult. There is a simple ifdef guard around setting the transparent proxy in accept_listener_source_address(), and another ifdef-guarded setsockopt() in initiate_server_connect().
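The platform split described in the comment above, as an added example that is not part of the thread and is not sniproxy's code: one compile-time lookup that selects IP_TRANSPARENT on Linux or IP_BINDANY on FreeBSD and fails with a clear errno elsewhere. The names `tproxy_lookup` and `tproxy_enable` are hypothetical, and the IPv6 variants (`IPV6_TRANSPARENT`, `IPV6_BINDANY`) go beyond what the thread mentions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

struct tproxy_opt { int level; int name; };

/* Pick the platform's "bind to a non-local address" option at compile time. */
#if defined(IP_TRANSPARENT)            /* Linux */
static const struct tproxy_opt tproxy_v4 = { IPPROTO_IP, IP_TRANSPARENT };
#define HAVE_TPROXY_V4 1
#elif defined(IP_BINDANY)              /* FreeBSD */
static const struct tproxy_opt tproxy_v4 = { IPPROTO_IP, IP_BINDANY };
#define HAVE_TPROXY_V4 1
#endif
#if defined(IPV6_TRANSPARENT)          /* Linux */
static const struct tproxy_opt tproxy_v6 = { IPPROTO_IPV6, IPV6_TRANSPARENT };
#define HAVE_TPROXY_V6 1
#elif defined(IPV6_BINDANY)            /* FreeBSD */
static const struct tproxy_opt tproxy_v6 = { IPPROTO_IPV6, IPV6_BINDANY };
#define HAVE_TPROXY_V6 1
#endif

/* Return the option for this address family, or NULL if unsupported. */
const struct tproxy_opt *tproxy_lookup(int family) {
#ifdef HAVE_TPROXY_V4
    if (family == AF_INET) return &tproxy_v4;
#endif
#ifdef HAVE_TPROXY_V6
    if (family == AF_INET6) return &tproxy_v6;
#endif
    (void)family;
    return NULL;
}

/* Enable the option on fd. Returns 0, or -1 with errno set:
 * ENOPROTOOPT = no support compiled in for this family;
 * EPERM = process lacks the required privilege (CAP_NET_ADMIN on Linux). */
int tproxy_enable(int fd, int family) {
    const struct tproxy_opt *opt = tproxy_lookup(family);
    int on = 1;
    if (opt == NULL) { errno = ENOPROTOOPT; return -1; }
    return setsockopt(fd, opt->level, opt->name, &on, sizeof(on));
}

int main(void) {
    printf("IPv4 transparent bind: %s\n", tproxy_lookup(AF_INET) ? "yes" : "no");
    printf("IPv6 transparent bind: %s\n", tproxy_lookup(AF_INET6) ? "yes" : "no");
    return 0;
}
```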

clodez commented 5 years ago

Emm, I will need all the help, if you mean I have to modify the code!? Else, tell in detail what you really mean!

dlundquist commented 5 years ago

@clodez I'm a bit taken aback by your tone. I realize English might not be your native language and you don't realize how you come across. I'm not a regular FreeBSD user, I don't consider the transparent proxy feature core functionality, as far as I know you haven't paid anything for this product, and the error message you received was fairly clear that this feature isn't supported on this platform.

If you're willing to assist in testing, I'm willing to stand up a FreeBSD machine, and take a look at what it takes to add support for the BSD-specific IP_BINDANY socket option. Are you willing to be patient, and test a feature branch?

clodez commented 5 years ago

Nooo, I am so sorry, I did not mean anything nasty by the above!! I honestly meant it was a very long time since I played with any code! I thought it was more of a configuration issue. Anyway, I apologize for the tone, and no, I don't want to waste your time since it's not a "feature core functionality".

Regards, Clode.

jornane commented 5 years ago

Count me in on being patient and running a test branch. I'm running most of my things on FreeBSD, sniproxy is still a very notable exception.

dlundquist commented 5 years ago

@jornane mind giving #316 a try?

jornane commented 5 years ago

I'll check it out in a few days, thanks!