[tor-commits] [tor/master] Move the friendly warning about TPROXY and root to EPERM time

nickm at torproject.org nickm at torproject.org
Sun Feb 2 20:48:33 UTC 2014 

commit fd8947afc2815cc3316513fe4461d8d8096eddea
Author: Nick Mathewson <nickm at torproject.org>
Date:   Sun Feb 2 15:45:00 2014 -0500

    Move the friendly warning about TPROXY and root to EPERM time
    
    I'm doing this because:
       * User doesn't mean you're running as root, and running as root
         doesn't mean you've set User.
       * It's possible that the user has done some other
         capability-based hack to retain the necessary privileges.
---
 src/or/config.c     |    7 -------
 src/or/connection.c |    8 ++++++--
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/src/or/config.c b/src/or/config.c
index a2366c0..c921bb7 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -2540,13 +2540,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
       REJECT("Cannot use TransTPROXY without any valid TransPort or "
              "TransListenAddress.");
     }
-    /* Friendly suggestion about running as root initially. */
-    if (!options->User) {
-      log_warn(LD_CONFIG,
-               "You have enabled TransTPROXY but have not specified the "
-               "\"User\" option. TransTPROXY will not function without "
-               "root privileges.");
-    }
   }
 #else
   if (options->TransPort_set || options->TransTPROXY)
diff --git a/src/or/connection.c b/src/or/connection.c
index 7d8feeb..6dbba66 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1039,9 +1039,13 @@ connection_listener_new(const struct sockaddr *listensockaddr,
     if (options->TransTPROXY && type == CONN_TYPE_AP_TRANS_LISTENER) {
       int one = 1;
       if (setsockopt(s, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0) {
+        const char *extra = "";
         int e = tor_socket_errno(s);
-        log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s",
-                 tor_socket_strerror(e));
+        if (e == EPERM)
+          extra = "TransTPROXY requires root privileges or similar"
+            " capabilities.";
+        log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s",
+                 tor_socket_strerror(e), extra);
       }
     }
 #endif

More information about the tor-commits mailing list