tinyproxy · aik · Jan 1, 2025 · Jan 1, 2025
diff --git a/docs/man5/tinyproxy.conf.txt.in b/docs/man5/tinyproxy.conf.txt.in
@@ -60,6 +60,8 @@ This allows you to specify which address Tinyproxy will bind
 to for outgoing connections.
 This parameter may be specified multiple times, then Tinyproxy
 will try all the specified addresses in order.
+When SO_BINDTODEVICE present, this parameter allows interface
+names.
 
 =item B<BindSame>
 

diff --git a/etc/tinyproxy.conf.in b/etc/tinyproxy.conf.in
@@ -33,7 +33,7 @@ Port 8888
 # Bind: This allows you to specify which interface will be used for
 # outgoing connections.  This is useful for multi-home'd machines where
 # you want all traffic to appear outgoing from one particular interface.
-#
+# This allows using the name of an interface, useful for tun devices.
 #Bind 192.168.0.1
 
 #

diff --git a/src/conf.c b/src/conf.c
@@ -225,7 +225,11 @@ struct {
                  handle_allow),
         STDCONF (deny, "(" "(" IPMASK "|" IPV6MASK ")" "|" ALNUM ")",
                  handle_deny),
-        STDCONF (bind, "(" IP "|" IPV6 ")", handle_bind),
+        STDCONF (bind, "(" IP "|" IPV6
+#ifdef SO_BINDTODEVICE
+                 "|" INTERFACE
+#endif
+	         ")", handle_bind),
         /* other */
         STDCONF (basicauth, USERNAME WS PASSWORD, handle_basicauth),
         STDCONF (errorfile, INT WS STR, handle_errorfile),

diff --git a/src/main.c b/src/main.c
@@ -145,6 +145,10 @@ display_usage (void)
         printf ("    Upstream proxy support\n");
         features++;
 #endif /* UPSTREAM_SUPPORT */
+#ifdef SO_BINDTODEVICE
+        printf ("    BindToDevice\n");
+        features++;
+#endif
 
         if (0 == features)
                 printf ("    None\n");

diff --git a/src/network.c b/src/network.c
@@ -156,8 +156,7 @@ ssize_t readline (int fd, char **whole_buffer)
         struct read_lines_s *first_line, *line_ptr;
 
         first_line =
-            (struct read_lines_s *) safecalloc (sizeof (struct read_lines_s),
-                                                1);
+            (struct read_lines_s *) safecalloc (1, sizeof (struct read_lines_s));
         if (!first_line)
                 return -ENOMEM;
 
@@ -206,7 +205,7 @@ ssize_t readline (int fd, char **whole_buffer)
 
                 line_ptr->next =
                     (struct read_lines_s *)
-                    safecalloc (sizeof (struct read_lines_s), 1);
+                    safecalloc (1, sizeof (struct read_lines_s));
                 if (!line_ptr->next) {
                         ret = -ENOMEM;
                         goto CLEANUP;

diff --git a/src/sock.c b/src/sock.c
@@ -71,6 +71,23 @@ bind_socket (int sockfd, const char *addr, int family)
         assert (sockfd >= 0);
         assert (addr != NULL && strlen (addr) != 0);
 
+#ifdef SO_BINDTODEVICE
+        if (addr && if_nametoindex(addr)) {
+		struct ifreq interface = {};
+
+		strcpy(interface.ifr_name, addr);
+		n = setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE,
+			&interface, sizeof(interface));
+		if (n < 0) {
+		        log_message (LOG_INFO,
+                                     "bind_socket: SO_BINDTODEVICE to %s %s",
+                                     addr, get_gai_error (n));
+	                return n;
+		}
+                return sockfd;
+	}
+#endif
+
         memset (&hints, 0, sizeof (struct addrinfo));
         hints.ai_family = family;
         hints.ai_socktype = SOCK_STREAM;