<p>Here is a code snippet taken from <a href="http://www.stunnel.org/download/source.html" rel="noreferrer">stunnel</a> (from client.c in the local_bind function if you want to look at all the code).</p>
<pre><code>#ifdef IP_TRANSPARENT
    int on=1;
    if(c-&gt;opt-&gt;option.transparent) {
        if(setsockopt(c-&gt;fd, SOL_IP, IP_TRANSPARENT, &amp;on, sizeof on))
            sockerror("setsockopt IP_TRANSPARENT");
        /* ignore the error to retain Linux 2.2 compatibility */
        /* the error will be handled by bind(), anyway */
    }
#endif /* IP_TRANSPARENT */

    memcpy(&amp;addr, &amp;c-&gt;bind_addr.addr[0], sizeof addr);
    if(ntohs(addr.in.sin_port)&gt;=1024) { /* security check */
        if(!bind(c-&gt;fd, &amp;addr.sa, addr_len(addr))) {
            s_log(LOG_INFO, "local_bind succeeded on the original port");
            return; /* success */
        }
        if(get_last_socket_error()!=EADDRINUSE
#ifndef USE_WIN32
                || !c-&gt;opt-&gt;option.transparent
#endif /* USE_WIN32 */
                ) {
            sockerror("local_bind (original port)");
            longjmp(c-&gt;err, 1);
        }
    }
</code></pre>
<p>Earlier, c->bind_addr was set to the address of the connecting peer with this code:</p>
<pre><code>    else if(c-&gt;opt-&gt;option.transparent)
        memcpy(&amp;c-&gt;bind_addr, &amp;c-&gt;peer_addr, sizeof(SOCKADDR_LIST));
</code></pre>
<p>The stunnel documentation contains this advice for recent Linux kernels:</p>
<blockquote>
<p>Remote mode (either 2.2.x and >=2.6.28) requires stunnel to be executed as root. setuid option will also break this functionality.</p>
<p>Linux >=2.6.28 requires the following setup for iptables and routing (possibly in /etc/rc.local or equivalent file):</p>
</blockquote>
<pre><code>iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
</code></pre>
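As an added example (not stunnel code and not part of the original answer), the stand-alone Linux program below shows what IP_TRANSPARENT changes for bind(): the same bind to a non-local address is attempted with and without the option, and the error from each attempt is reported. The function name spoofed_bind, the BIND_REFUSED code and the 192.0.2.10 address are assumptions made for the example; unlike the excerpt, it reports the setsockopt error directly and refuses ports below 1024 outright.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19 /* Linux value, for older libc headers */
#endif
#define BIND_REFUSED (-1) /* hypothetical code: port below 1024 */

/* Bind a new TCP socket to ip:port, which need not be a local address.
 * Returns 0, BIND_REFUSED, or the errno of the call that failed. */
int spoofed_bind(const char *ip, unsigned short port, int transparent) {
    struct sockaddr_in addr;
    int fd, on = 1, err = 0;

    if (port < 1024) /* same threshold as the excerpt's security check */
        return BIND_REFUSED;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &addr.sin_addr) != 1)
        return EINVAL;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return errno;
    /* IPPROTO_IP has the same value as the excerpt's SOL_IP */
    if (transparent &&
        setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &on, sizeof on))
        err = errno; /* typically EPERM without CAP_NET_ADMIN */
    if (!err && bind(fd, (struct sockaddr *)&addr, sizeof addr))
        err = errno; /* typically EADDRNOTAVAIL for a foreign address */
    close(fd);
    return err;
}

int main(void) {
    /* 192.0.2.10: constructed peer address from TEST-NET-1 */
    int plain = spoofed_bind("192.0.2.10", 40000, 0);
    int tproxy = spoofed_bind("192.0.2.10", 40000, 1);
    printf("plain bind:       %s\n", plain ? strerror(plain) : "ok");
    printf("transparent bind: %s\n", tproxy ? strerror(tproxy) : "ok");
    printf("port 80 refused:  %d\n",
           spoofed_bind("192.0.2.10", 80, 1) == BIND_REFUSED);
    return 0;
}
```

Run unprivileged, both binds fail; run as root, only the plain bind fails, which is why the documentation quoted above requires root and warns that the setuid option breaks this mode.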
 
