From 3bb14e04405ef918487489abb644949d03d7baa8 Mon Sep 17 00:00:00 2001 From: Anton Khirnov Date: Wed, 26 Aug 2020 12:32:27 +0200 Subject: [PATCH] Allow multiple Bind directives. Try all the addresses specified with Bind in order. This is necessary e.g. for maintaining IPv4+6 connectivity while still being restricted to one interface. --- docs/man5/tinyproxy.conf.txt.in | 2 ++ src/conf.c | 25 ++++++++++++++++++++----- src/conf.h | 2 +- src/sock.c | 27 ++++++++++++++++++++++++--- 4 files changed, 47 insertions(+), 9 deletions(-) diff --git a/docs/man5/tinyproxy.conf.txt.in b/docs/man5/tinyproxy.conf.txt.in index 8a18d55..0629a9a 100644 --- a/docs/man5/tinyproxy.conf.txt.in +++ b/docs/man5/tinyproxy.conf.txt.in @@ -58,6 +58,8 @@ only on one specific address. This allows you to specify which address Tinyproxy will bind to for outgoing connections to web servers or upstream proxies. +This parameter may be specified multiple times, then Tinyproxy +will try all the specified addresses in order. =item B diff --git a/src/conf.c b/src/conf.c index e0d6634..7e3c031 100644 --- a/src/conf.c +++ b/src/conf.c @@ -291,6 +291,7 @@ void free_config (struct config_s *conf) safefree (conf->group); stringlist_free(conf->basicauth_list); stringlist_free(conf->listen_addrs); + stringlist_free(conf->bind_addrs); #ifdef FILTER_ENABLE safefree (conf->filter); #endif /* FILTER_ENABLE */ @@ -302,7 +303,6 @@ void free_config (struct config_s *conf) free_upstream_list (conf->upstream_list); #endif /* UPSTREAM_SUPPORT */ safefree (conf->pidpath); - safefree (conf->bind_address); safefree (conf->via_proxy_name); if (conf->errorpages) { it = 0; @@ -796,12 +796,27 @@ static HANDLE_FUNC (handle_deny) static HANDLE_FUNC (handle_bind) { - int r = set_string_arg (&conf->bind_address, line, &match[2]); + char *arg = get_string_arg (line, &match[2]); + + if (arg == NULL) { + return -1; + } + + if (conf->bind_addrs == NULL) { + conf->bind_addrs = sblist_new(sizeof(char*), 16); + if (conf->bind_addrs == NULL) { + CP_WARN ("Could not create a list " + "of bind addresses.", ""); + safefree(arg); + return -1; + } + } + + sblist_add (conf->bind_addrs, &arg); - if (r) - return r; log_message (LOG_INFO, - "Outgoing connections bound to IP %s", conf->bind_address); + "Added bind address [%s] for outgoing connections.", arg); + return 0; } diff --git a/src/conf.h b/src/conf.h index 9453d66..9914049 100644 --- a/src/conf.h +++ b/src/conf.h @@ -68,7 +68,7 @@ struct config_s { #endif /* UPSTREAM_SUPPORT */ char *pidpath; unsigned int idletimeout; - char *bind_address; + sblist *bind_addrs; unsigned int bindsame; /* diff --git a/src/sock.c b/src/sock.c index 28a7f88..70169a6 100644 --- a/src/sock.c +++ b/src/sock.c @@ -34,6 +34,7 @@ #include "text.h" #include "conf.h" #include "loop.h" +#include "sblist.h" /* * Return a human readable error for getaddrinfo() and getnameinfo(). @@ -87,6 +88,26 @@ bind_socket (int sockfd, const char *addr, int family) return sockfd; } +/** + * Try binding the given socket to supplied addresses, stopping when one succeeds. + */ +static int +bind_socket_list (int sockfd, sblist *addresses, int family) +{ + size_t nb_addresses = sblist_getsize(addresses); + size_t i; + + for (i = 0; i < nb_addresses; i++) { + const char *address = *(const char **)sblist_get(addresses, i); + if (bind_socket(sockfd, address, family) >= 0) { + log_message(LOG_INFO, "Bound to %s", address); + return 0; + } + } + + return -1; +} + /* * Open a connection to a remote host. It's been re-written to use * the getaddrinfo() library function, which allows for a protocol @@ -134,9 +155,9 @@ int opensock (const char *host, int port, const char *bind_to) close (sockfd); continue; /* can't bind, so try again */ } - } else if (config->bind_address) { - if (bind_socket (sockfd, config->bind_address, - res->ai_family) < 0) { + } else if (config->bind_addrs) { + if (bind_socket_list (sockfd, config->bind_addrs, + res->ai_family) < 0) { close (sockfd); continue; /* can't bind, so try again */ }