From 783fc174b2a81725a1d8e250b765e23869fbcb5b Mon Sep 17 00:00:00 2001
From: fengbojiang <fengbojiang@tencent.com>
Date: Tue, 15 Oct 2024 14:49:21 +0800
Subject: [PATCH] Nginx's stream support transparent.

Also support kernel network stack while set
`proxy_kernel_network_stack on`.
---
 .../src/event/ngx_event_connect.c             | 40 ++++++++++++++-----
 1 file changed, 29 insertions(+), 11 deletions(-)

diff --git a/app/nginx-1.25.2/src/event/ngx_event_connect.c b/app/nginx-1.25.2/src/event/ngx_event_connect.c
index efd3053d1..be8c83cf9 100644
--- a/app/nginx-1.25.2/src/event/ngx_event_connect.c
+++ b/app/nginx-1.25.2/src/event/ngx_event_connect.c
@@ -353,10 +353,20 @@ failed:
 
 #if (NGX_HAVE_TRANSPARENT_PROXY)
 
+#if (NGX_HAVE_FSTACK)
+extern int is_fstack_fd(int sockfd);
+#ifndef IP_BINDANY
+#define IP_BINDANY	24
+#endif
+#endif
+
 static ngx_int_t
 ngx_event_connect_set_transparent(ngx_peer_connection_t *pc, ngx_socket_t s)
 {
     int  value;
+#if defined(NGX_HAVE_FSTACK)
+    int optname;
+#endif
 
     value = 1;
 
@@ -376,8 +386,26 @@ ngx_event_connect_set_transparent(ngx_peer_connection_t *pc, ngx_socket_t s)
 
     case AF_INET:
 
-#if defined(IP_TRANSPARENT)
+#if defined(NGX_HAVE_FSTACK)
+        /****
+        FreeBSD define IP_BINDANY in freebsd/netinet/in.h
+        Fstack should only support IP_BINDANY.
+        ****/
+        if(is_fstack_fd(s)){
+            optname = IP_BINDANY;
+        } else {
+            optname = IP_TRANSPARENT;
+        }
 
+        if (setsockopt(s, IPPROTO_IP, optname,
+                       (const void *) &value, sizeof(int)) == -1)
+        {
+            ngx_log_error(NGX_LOG_ALERT, pc->log, ngx_socket_errno,
+                   "setsockopt(IP_BINDANY/IP_TRANSPARENT) failed");
+            return NGX_ERROR;
+        }
+
+#elif defined(IP_TRANSPARENT)
         if (setsockopt(s, IPPROTO_IP, IP_TRANSPARENT,
                        (const void *) &value, sizeof(int)) == -1)
         {
@@ -386,16 +414,6 @@ ngx_event_connect_set_transparent(ngx_peer_connection_t *pc, ngx_socket_t s)
             return NGX_ERROR;
         }
 
-#elif defined(IP_BINDANY)
-
-        if (setsockopt(s, IPPROTO_IP, IP_BINDANY,
-                       (const void *) &value, sizeof(int)) == -1)
-        {
-            ngx_log_error(NGX_LOG_ALERT, pc->log, ngx_socket_errno,
-                   "setsockopt(IP_BINDANY) failed");
-            return NGX_ERROR;
-        }
-
 #endif
 
         break;