Allows IP_TRANSPARENT to be set on a redirecting socket

Motivation:

IP_TRANSPARENT support is not complete; the option can currently only be set on EpollServerSocket. Setting the option on an EpollSocket is also required so as to be able to bind a socket to a non-local address as described in ip(7)
http://man7.org/linux/man-pages/man7/ip.7.html

"TProxy redirection with the iptables TPROXY target also
requires that this option be set on the redirected socket."

Modifications:

Added IP_TRANSPARENT socket option to EpollSocketChannelConfig

Result:

A redirecting socket can be created with a non-local IP address as required for TPROXY
Alberto K 2017-07-30 19:48:57 +10:00 committed by Norman Maurer
parent 580ac8cd41
commit 21b7ab1f25

@ -60,7 +60,7 @@ public final class EpollSocketChannelConfig extends EpollChannelConfig implement
SO_RCVBUF, SO_SNDBUF, TCP_NODELAY, SO_KEEPALIVE, SO_REUSEADDR, SO_LINGER, IP_TOS,
ALLOW_HALF_CLOSURE, EpollChannelOption.TCP_CORK, EpollChannelOption.TCP_NOTSENT_LOWAT,
EpollChannelOption.TCP_KEEPCNT, EpollChannelOption.TCP_KEEPIDLE, EpollChannelOption.TCP_KEEPINTVL,
EpollChannelOption.TCP_MD5SIG, EpollChannelOption.TCP_QUICKACK);
EpollChannelOption.TCP_MD5SIG, EpollChannelOption.TCP_QUICKACK, EpollChannelOption.IP_TRANSPARENT);
}
@SuppressWarnings("unchecked")
@ -111,6 +111,9 @@ public final class EpollSocketChannelConfig extends EpollChannelConfig implement
if (option == EpollChannelOption.TCP_QUICKACK) {
return (T) Boolean.valueOf(isTcpQuickAck());
}
if (option == EpollChannelOption.IP_TRANSPARENT) {
return (T) Boolean.valueOf(isIpTransparent());
}
return super.getOption(option);
}
@ -146,6 +149,8 @@ public final class EpollSocketChannelConfig extends EpollChannelConfig implement
setTcpKeepIntvl((Integer) value);
} else if (option == EpollChannelOption.TCP_USER_TIMEOUT) {
setTcpUserTimeout((Integer) value);
} else if (option == EpollChannelOption.IP_TRANSPARENT) {
setIpTransparent((Boolean) value);
} else if (option == EpollChannelOption.TCP_MD5SIG) {
@SuppressWarnings("unchecked")
final Map<InetAddress, byte[]> m = (Map<InetAddress, byte[]>) value;
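Review bot: the new IP_TRANSPARENT branch in setOption sits between TCP_USER_TIMEOUT and TCP_MD5SIG, while the getOptions list and getOption both put IP_TRANSPARENT last, after TCP_QUICKACK. Keeping the same position in all three places makes it easier to check at a glance that an option is wired into each of them.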
@ -446,6 +451,31 @@ public final class EpollSocketChannelConfig extends EpollChannelConfig implement
}
}
/**
* Returns {@code true} if <a href="http://man7.org/linux/man-pages/man7/ip.7.html">IP_TRANSPARENT</a> is enabled,
* {@code false} otherwise.
*/
public boolean isIpTransparent() {
try {
return channel.socket.isIpTransparent();
} catch (IOException e) {
throw new ChannelException(e);
}
}
/**
* If {@code true} is used <a href="http://man7.org/linux/man-pages/man7/ip.7.html">IP_TRANSPARENT</a> is enabled,
* {@code false} for disable it. Default is disabled.
*/
public EpollSocketChannelConfig setIpTransparent(boolean transparent) {
try {
channel.socket.setIpTransparent(transparent);
return this;
} catch (IOException e) {
throw new ChannelException(e);
}
}
/**
* Set the {@code TCP_MD5SIG} option on the socket. See {@code linux/tcp.h} for more details.
* Keys can only be set on, not read to prevent a potential leak, as they are confidential.
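Review bot: the Javadoc on setIpTransparent does not mention that enabling IP_TRANSPARENT requires CAP_NET_ADMIN, as the linked ip(7) page states, so an unprivileged caller only finds out through the ChannelException thrown from the catch block. Suggest adding a sentence on the privilege requirement and, since the stated use case is binding to a non-local address, that the option has to be set before the socket is bound. The wording "{@code false} for disable it" should also read "{@code false} to disable it".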