Commit fd8947af authored by Nick Mathewson's avatar Nick Mathewson 🤹
Browse files

Move the friendly warning about TPROXY and root to EPERM time 

I'm doing this because:
   * User doesn't mean you're running as root, and running as root
     doesn't mean you've set User.
   * It's possible that the user has done some other
     capability-based hack to retain the necessary privileges.
parent 09ccc4c4

src/or/config.c

+0 −7
Original line number Diff line number Diff line
@@ -2540,13 +2540,6 @@ options_validate(or_options_t *old_options, or_options_t *options, 
      REJECT("Cannot use TransTPROXY without any valid TransPort or "

             "TransListenAddress.");

    }

    /* Friendly suggestion about running as root initially. */

    if (!options->User) {

      log_warn(LD_CONFIG,

               "You have enabled TransTPROXY but have not specified the "

               "\"User\" option. TransTPROXY will not function without "

               "root privileges.");

    }

  }

#else

  if (options->TransPort_set || options->TransTPROXY)

src/or/connection.c

+6 −2
Original line number Diff line number Diff line
@@ -1039,9 +1039,13 @@ connection_listener_new(const struct sockaddr *listensockaddr, 
    if (options->TransTPROXY && type == CONN_TYPE_AP_TRANS_LISTENER) {

      int one = 1;

      if (setsockopt(s, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0) {

        const char *extra = "";

        int e = tor_socket_errno(s);

        log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s",

                 tor_socket_strerror(e));

        if (e == EPERM)

          extra = "TransTPROXY requires root privileges or similar"

            " capabilities.";

        log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s",

                 tor_socket_strerror(e), extra);

      }

    }

#endif