From b47a05449e3a581cfafcc74ed496629842b0d43e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20G=C3=89RARD?=
Date: Sat, 22 Feb 2020 13:53:51 +0100
Subject: [PATCH] Do not try to set SO_MARK when not specified #37 + When SO_MARK is specified wstunnel need to be run as root or with network capabilities in order to be able to use this socket option. Sadly Haskell network setsocketoption does not return an error, not an exception when we are not permitted to use it, it just crash the current thread without any warning ...
Former-commit-id: 5e1b790af4f08c95716420873dc858afeb4f00aa
Former-commit-id: 39ab9a3fef5159e0db1568be173a843570427d75 [formerly 88472e1ae8441ded76d4f32ed66d548a5e621dc4] [formerly 45f1cee434ff4e5cd30a8f4d7e86097748458fda [formerly a83e83038640a9742b65ece60a5653a74a822040 [formerly a83e83038640a9742b65ece60a5653a74a822040 [formerly a83e83038640a9742b65ece60a5653a74a822040 [formerly 68b6d92dc389ca83b3cd89b8eb8790d928997d29]]]]]
Former-commit-id: 046192c196f735cd53a78ece9371f418745cd763 [formerly aaa97f4c0ce70e4b7ae2d25a3e6dfb32e6aaf0cb]
Former-commit-id: d303425ad3e558ebfcc635f8f8925d70e3eaff6f
Former-commit-id: d103c22adea13872a08c2c6aa1e967f7372006af
Former-commit-id: 547aff025dd8c65133214c4b716c9d4920f9cc89
Former-commit-id: 29062a1856573bb3ab86d80f682cfa354792cb2a [formerly 722b724cebdc71a4f4e360a8a9f782e9e9a198f6]
Former-commit-id: 796475dc5641218f0d3af5a90c6ee1141cc3f553
---
 app/Main.hs | 2 +-
 src/Tunnel.hs | 2 +-
 src/Types.hs | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/Main.hs b/app/Main.hs
index a91bfac..e594140 100644
--- a/app/Main.hs
+++ b/app/Main.hs
@@ -64,7 +64,7 @@ cmdLine = WsTunnel
 , proxy = def &= explicit &= name "p" &= name "httpProxy"
 &= help "If set, will use this proxy to connect to the server" &= typ "USER:PASS@HOST:PORT"
 , soMark = def &= explicit &= name "soMark"
- &= help "(linux only) Mark network packet with SO_MARK sockoption with the specified value" &= typ "int"
+ &= help "(linux only) Mark network packet with SO_MARK sockoption with the specified value. You need to use {root, sudo, capabilities} to run wstunnel when using this option" &= typ "int"
 , wsTunnelServer = def &= argPos 0 &= typ "ws[s]://wstunnelServer[:port]"
 , serverMode = def &= explicit &= name "server"
diff --git a/src/Tunnel.hs b/src/Tunnel.hs
index e0fd81a..7a3df7c 100644
--- a/src/Tunnel.hs
+++ b/src/Tunnel.hs
@@ -45,7 +45,7 @@ rrunTCPClient cfg app = bracket
 N.setSocketOption s N.RecvBuffer defaultRecvBufferSize
 N.setSocketOption s N.SendBuffer defaultSendBufferSize
 so_mark_val <- readIORef sO_MARK_Value
- when (N.isSupportedSocketOption sO_MARK) (N.setSocketOption s sO_MARK so_mark_val)
+ _ <- when (so_mark_val /= 0 && N.isSupportedSocketOption sO_MARK) (N.setSocketOption s sO_MARK so_mark_val)
 return (s,addr)
 )
 (\r -> catch (N.close $ fst r) (\(_ :: SomeException) -> return ()))
diff --git a/src/Types.hs b/src/Types.hs
index ae6c49c..6ee8c76 100644
--- a/src/Types.hs
+++ b/src/Types.hs
@@ -40,7 +40,7 @@ sO_MARK = N.CustomSockOpt (fromIntegral 1, fromIntegral 36) -- https://elixir.bo
 {-# NOINLINE sO_MARK_Value #-}
 sO_MARK_Value :: IORef Int
-sO_MARK_Value = unsafeDupablePerformIO $ (newIORef 131072)
+sO_MARK_Value = unsafeDupablePerformIO $ (newIORef 0)
 data Protocol = UDP | TCP | STDIO | SOCKS5 deriving (Show, Read, Eq)
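Review bot: The new help text for `soMark` says `{root, sudo, capabilities}` without naming the capability, which nudges operators toward running the whole tunnel as root. On Linux, setting SO_MARK is gated by CAP_NET_ADMIN, so the string could end `... with the specified value. Requires root or the CAP_NET_ADMIN capability` and let people grant only that. The `cmdLine` record starts above the hunk and continues below it.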
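Review bot: When a mark is requested without the needed privilege, the `N.setSocketOption s sO_MARK so_mark_val` call still fails the way the commit message describes; the added `so_mark_val /= 0` guard only avoids that for the default value. The call sits inside the acquire action of `bracket`, so if it raises (presumably an IOException for EPERM, to be confirmed against the network library) the release handler below never runs and the socket `s` stays open, with nothing logged. Closing the socket and reporting the error on that path would cover both, for example ``(N.setSocketOption s sO_MARK so_mark_val `onException` N.close s)`` together with a log line that names SO_MARK. The `_ <-` binding is unnecessary, since `when` already yields `IO ()`. The body of `rrunTCPClient` starts above the hunk and continues below it.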
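Review bot: `sO_MARK_Value` now uses 0 as a sentinel for "no mark requested", but nothing at the definition says so; the check that gives 0 this meaning lives in `rrunTCPClient` in src/Tunnel.hs. A comment above the signature would keep the two in step: `-- 0 means no SO_MARK requested; rrunTCPClient skips setsockopt for this value`. Separately, a top-level `IORef` created with `unsafeDupablePerformIO` can in principle be initialised more than once if the thunk is forced concurrently, and `unsafePerformIO` is the usual choice next to `NOINLINE`. It is worth confirming that every reader sees the value written from the command line, since a lost write would leave traffic unmarked without any error.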