[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libmicrohttpd] sockets with IP_TRANSPARENT option
|
From: |
Christian Grothoff |
|
Subject: |
Re: [libmicrohttpd] sockets with IP_TRANSPARENT option |
|
Date: |
Mon, 22 Apr 2013 12:58:04 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12 |
Looking at your patch (send to me off-list), you have two clean options
already:
1) You can use MHD_get_daemon_info (daemon, MHD_DAEMON_INFO_LISTEN_FD)
to obtain the listen socket and do the setsockopt immediately
after doing MHD_start_daemon. I think this should work if you use
the non-threaded (external select) execution variant. With threads,
there is the risk that a connection might have been accepted before
you can manipulate the listen socket this way;
2) You can use 'MHD_OPTION_LISTEN_SOCKET' to pass in a listen socket
to MHD that you've already initialized yourself. Here, you need
to do the socket/bind/setsockopt/listen calls yourself, but you
have total freedom (IPv4, IPv6, dual-bind, UNIX domain socket,
ioctls, etc.) on what to do to the listen socket AND it is guaranteed
to happen first. So this is very expressive, and except for your
code being slightly longer nothing can go wrong; so this
is the way I'd recommend you to do it.
This also allows you to bind to port 80 and drop privs before
calling MHD.
Happy hacking!
Christian
On 04/22/2013 09:26 AM, Yoann Juet wrote:
Dear all,
We are using libmicrohttpd on lightweight web servers. They intercept
ingoing http requests transparently proxied by tproxy kernel module. For
libmicrohttpd based servers to be able to respond to packets redirected
with the Netfitler tproxy target, the IP_TRANSPARENT option should be
enabled on the socket.
So far, we have patched the code in daemon.c to enable this feature. A
simple quick and dirty hack. I wonder if there's a cleaner way to
achieve the same thing. Any suggestion or feedback about what could be
done to improve this situation ?
Regards,