diff options
author | prlw1 <prlw1@pkgsrc.org> | 2015-08-17 16:39:38 +0000 |
---|---|---|
committer | prlw1 <prlw1@pkgsrc.org> | 2015-08-17 16:39:38 +0000 |
commit | 0a6b1009d51135a2a72ad297b5e5629c8e755747 (patch) | |
tree | 4195929fb4fa85aeafec8bcf3a9acb1ea93fdf9c /www/squid3 | |
parent | ce00a51984af030e47bbd85ca21840d8a54e959b (diff) | |
download | pkgsrc-0a6b1009d51135a2a72ad297b5e5629c8e755747.tar.gz |
Fix transparent proxying with IPFilter v5.
Also fix ipf configure test, and remove superfluous debug patch.
Diffstat (limited to 'www/squid3')
-rw-r--r-- | www/squid3/distinfo | 6 | ||||
-rw-r--r-- | www/squid3/patches/patch-configure | 55 | ||||
-rw-r--r-- | www/squid3/patches/patch-src_ip_Intercept.cc | 47 |
3 files changed, 63 insertions, 45 deletions
diff --git a/www/squid3/distinfo b/www/squid3/distinfo index e894e4e7899..0436dfa3568 100644 --- a/www/squid3/distinfo +++ b/www/squid3/distinfo @@ -1,14 +1,14 @@ -$NetBSD: distinfo,v 1.36 2015/08/05 08:10:56 adam Exp $ +$NetBSD: distinfo,v 1.37 2015/08/17 16:39:38 prlw1 Exp $ SHA1 (squid-3.5.7.tar.xz) = e7dcc0cbcee6fd10a8c8bf3e9bff0dc6359ccc48 RMD160 (squid-3.5.7.tar.xz) = 7284dda15e27c643cf69db1c53cc798404f6f53a Size (squid-3.5.7.tar.xz) = 2294580 bytes SHA1 (patch-compat_compat.h) = d6cd93fa7a6d0faad3bf1aca8ae4fa5c984fe288 -SHA1 (patch-configure) = 0c3370eead6e3f3a8534c26b74d6ef8f3f13ec8f +SHA1 (patch-configure) = b8835c6abbe1ca98becc16bf3370b4f5018d3021 SHA1 (patch-errors_Makefile.in) = afbac822ac84d5e1734d55fc625e949ae0b85289 SHA1 (patch-src_Makefile.in) = 7233a92a4f6ecc06d88e125f08f7413e0741f3b6 SHA1 (patch-src_SquidNew.cc) = eef6e72e168cf7f40518fab13dc2f55ed0268db9 SHA1 (patch-src_base_TidyPointer.h) = d05017d7db904286afb02600ed3cc2f0f253b939 -SHA1 (patch-src_ip_Intercept.cc) = 80de6ca56d61e389641b35515e3509b264b1950f +SHA1 (patch-src_ip_Intercept.cc) = 4dcab63def21137bfae25a2b514d876e5260af81 SHA1 (patch-src_store.cc) = 055d98a59103b02a51876a5c8ffed9514954beb4 SHA1 (patch-tools_Makefile.in) = 3a7678c63a11a35fabef091a3b18e63859f0796f diff --git a/www/squid3/patches/patch-configure b/www/squid3/patches/patch-configure index dd185440bb8..a95ab4d8275 100644 --- a/www/squid3/patches/patch-configure +++ b/www/squid3/patches/patch-configure @@ -1,11 +1,13 @@ -$NetBSD: patch-configure,v 1.8 2015/07/06 09:39:40 adam Exp $ +$NetBSD: patch-configure,v 1.9 2015/08/17 16:39:38 prlw1 Exp $ * Portability fix. + http://bugs.squid-cache.org/show_bug.cgi?id=4306 * Fix broken tests for IPFilter + http://bugs.squid-cache.org/show_bug.cgi?id=4301 ---- configure.orig 2015-05-01 12:29:25.000000000 +0100 -+++ configure 2015-05-29 11:47:07.000000000 +0100 -@@ -32733,7 +32733,7 @@ +--- configure.orig 2015-08-01 06:10:24.000000000 +0000 ++++ configure +@@ -32753,7 +32753,7 @@ done ## Please see the COPYING and CONTRIBUTORS files for details. ## @@ -14,7 +16,7 @@ $NetBSD: patch-configure,v 1.8 2015/07/06 09:39:40 adam Exp $ BUILD_HELPER="kerberos" fi -@@ -33292,7 +33292,7 @@ +@@ -33327,7 +33327,7 @@ done ## Please see the COPYING and CONTRIBUTORS files for details. ## @@ -23,22 +25,39 @@ $NetBSD: patch-configure,v 1.8 2015/07/06 09:39:40 adam Exp $ BUILD_HELPER="kerberos_ldap_group" if test "x$with_apple_krb5" = "xyes" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lresolv" >&5 -@@ -38708,7 +38708,7 @@ +@@ -38704,6 +38704,7 @@ if test "x$enable_ipf_transparent" != "x + /* end confdefs.h. */ + + # include <sys/types.h> ++# include <sys/time.h> + # include <sys/ioccom.h> + # include <netinet/in.h> + +@@ -38733,6 +38734,7 @@ else + + #define minor_t fubaar + # include <sys/types.h> ++# include <sys/time.h> + # include <sys/ioccom.h> + # include <netinet/in.h> + #undef minor_t +@@ -38756,8 +38758,7 @@ $as_echo "yes" >&6; } + + else + +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unable to make IPFilter work with netinet/ headers" >&5 +-$as_echo "unable to make IPFilter work with netinet/ headers" >&6; } ++ as_fn_error $? "unable to make IPFilter work with netinet/ headers" "$LINENO" 5 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unable to make IPFilter work with netinet/ headers" >&5 - $as_echo "unable to make IPFilter work with netinet/ headers" >&6; } -- -+ squid_cv_broken_ipfilter_minor_t=0 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -@@ -38751,6 +38751,9 @@ - #if HAVE_SYS_IOCCOM_H - #include <sys/ioccom.h> +@@ -38795,6 +38796,9 @@ ac_fn_cxx_check_header_compile "$LINENO" + #if HAVE_SYS_TYPES_H + #include <sys/types.h> #endif -+#if HAVE_NET_IF_H -+#include <net/if.h> ++#if HAVE_SYS_TIME_H ++#include <sys/time.h> +#endif - #if USE_SOLARIS_IPFILTER_MINOR_T_HACK - #undef minor_t + #if HAVE_NETINET_IN_H + #include <netinet/in.h> #endif diff --git a/www/squid3/patches/patch-src_ip_Intercept.cc b/www/squid3/patches/patch-src_ip_Intercept.cc index 843ad5d7eaa..5a9c94e99d8 100644 --- a/www/squid3/patches/patch-src_ip_Intercept.cc +++ b/www/squid3/patches/patch-src_ip_Intercept.cc @@ -1,28 +1,27 @@ -$NetBSD: patch-src_ip_Intercept.cc,v 1.4 2015/01/21 11:23:16 adam Exp $ +$NetBSD: patch-src_ip_Intercept.cc,v 1.5 2015/08/17 16:39:38 prlw1 Exp $ -Avoid conflict with IP Fitler's debug(). +Fix transparent proxying with IPFilter 5 +http://bugs.squid-cache.org/show_bug.cgi?id=4302 ---- src/ip/Intercept.cc.orig 2015-01-13 12:52:01.000000000 +0000 +--- src/ip/Intercept.cc.orig 2015-08-01 06:08:17.000000000 +0000 +++ src/ip/Intercept.cc -@@ -21,6 +21,10 @@ - - #if IPF_TRANSPARENT - -+#ifdef debug -+#undef debug // XXX: IP Filter might declare debug(). +@@ -200,6 +200,19 @@ Ip::Intercept::IpfInterception(const Com + // all fields must be set to 0 + memset(&natLookup, 0, sizeof(natLookup)); + // for NAT lookup set local and remote IP:port's ++ if (newConn->remote.isIPv6()) { ++#if IPFILTER_VERSION < 5000003 ++ // warn once every 10 at critical level, then push down a level each repeated event ++ static int warningLevel = DBG_CRITICAL; ++ debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1"); ++ warningLevel = ++warningLevel % 10; ++ return false; ++#else ++ natLookup.nl_v = 6; ++ } else { ++ natLookup.nl_v = 4; +#endif -+ - #if !defined(IPFILTER_VERSION) - #define IPFILTER_VERSION 5000004 - #endif -@@ -68,6 +72,10 @@ - #include <netinet/ip_nat.h> - #endif - -+// Stolen from src/defines.h -+#define debug(SECTION, LEVEL) \ -+ do_debug(SECTION, LEVEL) ? (void) 0 : _db_print -+ - #endif /* IPF_TRANSPARENT required headers */ - - #if PF_TRANSPARENT ++ } + natLookup.nl_inport = htons(newConn->local.port()); + newConn->local.getInAddr(natLookup.nl_inip); + natLookup.nl_outport = htons(newConn->remote.port()); |