Fix transparent proxying with IPFilter v5.

Also fix ipf configure test, and remove superfluous debug patch.
author: prlw1 <prlw1@pkgsrc.org> 2015-08-17 16:39:38 +0000
committer: prlw1 <prlw1@pkgsrc.org> 2015-08-17 16:39:38 +0000
commit: 0a6b1009d51135a2a72ad297b5e5629c8e755747 (patch)
tree: 4195929fb4fa85aeafec8bcf3a9acb1ea93fdf9c /www/squid3
parent: ce00a51984af030e47bbd85ca21840d8a54e959b (diff)
download: pkgsrc-0a6b1009d51135a2a72ad297b5e5629c8e755747.tar.gz
3 files changed, 63 insertions, 45 deletions
diff --git a/www/squid3/distinfo b/www/squid3/distinfo
index e894e4e7899..0436dfa3568 100644
--- a/www/squid3/distinfo
+++ b/www/squid3/distinfo
@@ -1,14 +1,14 @@
-$NetBSD: distinfo,v 1.36 2015/08/05 08:10:56 adam Exp $
+$NetBSD: distinfo,v 1.37 2015/08/17 16:39:38 prlw1 Exp $
 
 SHA1 (squid-3.5.7.tar.xz) = e7dcc0cbcee6fd10a8c8bf3e9bff0dc6359ccc48
 RMD160 (squid-3.5.7.tar.xz) = 7284dda15e27c643cf69db1c53cc798404f6f53a
 Size (squid-3.5.7.tar.xz) = 2294580 bytes
 SHA1 (patch-compat_compat.h) = d6cd93fa7a6d0faad3bf1aca8ae4fa5c984fe288
-SHA1 (patch-configure) = 0c3370eead6e3f3a8534c26b74d6ef8f3f13ec8f
+SHA1 (patch-configure) = b8835c6abbe1ca98becc16bf3370b4f5018d3021
 SHA1 (patch-errors_Makefile.in) = afbac822ac84d5e1734d55fc625e949ae0b85289
 SHA1 (patch-src_Makefile.in) = 7233a92a4f6ecc06d88e125f08f7413e0741f3b6
 SHA1 (patch-src_SquidNew.cc) = eef6e72e168cf7f40518fab13dc2f55ed0268db9
 SHA1 (patch-src_base_TidyPointer.h) = d05017d7db904286afb02600ed3cc2f0f253b939
-SHA1 (patch-src_ip_Intercept.cc) = 80de6ca56d61e389641b35515e3509b264b1950f
+SHA1 (patch-src_ip_Intercept.cc) = 4dcab63def21137bfae25a2b514d876e5260af81
 SHA1 (patch-src_store.cc) = 055d98a59103b02a51876a5c8ffed9514954beb4
 SHA1 (patch-tools_Makefile.in) = 3a7678c63a11a35fabef091a3b18e63859f0796f
diff --git a/www/squid3/patches/patch-configure b/www/squid3/patches/patch-configure
index dd185440bb8..a95ab4d8275 100644
--- a/www/squid3/patches/patch-configure
+++ b/www/squid3/patches/patch-configure
@@ -1,11 +1,13 @@
-$NetBSD: patch-configure,v 1.8 2015/07/06 09:39:40 adam Exp $
+$NetBSD: patch-configure,v 1.9 2015/08/17 16:39:38 prlw1 Exp $
 
 * Portability fix.
+  http://bugs.squid-cache.org/show_bug.cgi?id=4306
 * Fix broken tests for IPFilter
+  http://bugs.squid-cache.org/show_bug.cgi?id=4301
 
---- configure.orig	2015-05-01 12:29:25.000000000 +0100
-+++ configure	2015-05-29 11:47:07.000000000 +0100
-@@ -32733,7 +32733,7 @@
+--- configure.orig	2015-08-01 06:10:24.000000000 +0000
++++ configure
+@@ -32753,7 +32753,7 @@ done
  ## Please see the COPYING and CONTRIBUTORS files for details.
  ##
  
@@ -14,7 +16,7 @@ $NetBSD: patch-configure,v 1.8 2015/07/06 09:39:40 adam Exp $
    BUILD_HELPER="kerberos"
  fi
  
-@@ -33292,7 +33292,7 @@
+@@ -33327,7 +33327,7 @@ done
  ## Please see the COPYING and CONTRIBUTORS files for details.
  ##
  
@@ -23,22 +25,39 @@ $NetBSD: patch-configure,v 1.8 2015/07/06 09:39:40 adam Exp $
    BUILD_HELPER="kerberos_ldap_group"
    if test "x$with_apple_krb5" = "xyes" ; then
      { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lresolv" >&5
-@@ -38708,7 +38708,7 @@
+@@ -38704,6 +38704,7 @@ if test "x$enable_ipf_transparent" != "x
+ /* end confdefs.h.  */
+ 
+ #     include <sys/types.h>
++#     include <sys/time.h>
+ #     include <sys/ioccom.h>
+ #     include <netinet/in.h>
+ 
+@@ -38733,6 +38734,7 @@ else
+ 
+ #define minor_t fubaar
+ #       include <sys/types.h>
++#       include <sys/time.h>
+ #       include <sys/ioccom.h>
+ #       include <netinet/in.h>
+ #undef minor_t
+@@ -38756,8 +38758,7 @@ $as_echo "yes" >&6; }
+ 
+ else
+ 
+-        { $as_echo "$as_me:${as_lineno-$LINENO}: result: unable to make IPFilter work with netinet/ headers" >&5
+-$as_echo "unable to make IPFilter work with netinet/ headers" >&6; }
++        as_fn_error $? "unable to make IPFilter work with netinet/ headers" "$LINENO" 5
  
-         { $as_echo "$as_me:${as_lineno-$LINENO}: result: unable to make IPFilter work with netinet/ headers" >&5
- $as_echo "unable to make IPFilter work with netinet/ headers" >&6; }
--
-+	squid_cv_broken_ipfilter_minor_t=0
  fi
  rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- 
-@@ -38751,6 +38751,9 @@
- #if HAVE_SYS_IOCCOM_H
- #include <sys/ioccom.h>
+@@ -38795,6 +38796,9 @@ ac_fn_cxx_check_header_compile "$LINENO"
+ #if HAVE_SYS_TYPES_H
+ #include <sys/types.h>
  #endif
-+#if HAVE_NET_IF_H
-+#include <net/if.h>
++#if HAVE_SYS_TIME_H
++#include <sys/time.h>
 +#endif
- #if USE_SOLARIS_IPFILTER_MINOR_T_HACK
- #undef minor_t
+ #if HAVE_NETINET_IN_H
+ #include <netinet/in.h>
  #endif
diff --git a/www/squid3/patches/patch-src_ip_Intercept.cc b/www/squid3/patches/patch-src_ip_Intercept.cc
index 843ad5d7eaa..5a9c94e99d8 100644
--- a/www/squid3/patches/patch-src_ip_Intercept.cc
+++ b/www/squid3/patches/patch-src_ip_Intercept.cc
@@ -1,28 +1,27 @@
-$NetBSD: patch-src_ip_Intercept.cc,v 1.4 2015/01/21 11:23:16 adam Exp $
+$NetBSD: patch-src_ip_Intercept.cc,v 1.5 2015/08/17 16:39:38 prlw1 Exp $
 
-Avoid conflict with IP Fitler's debug().
+Fix transparent proxying with IPFilter 5
+http://bugs.squid-cache.org/show_bug.cgi?id=4302
 
---- src/ip/Intercept.cc.orig	2015-01-13 12:52:01.000000000 +0000
+--- src/ip/Intercept.cc.orig	2015-08-01 06:08:17.000000000 +0000
 +++ src/ip/Intercept.cc
-@@ -21,6 +21,10 @@
- 
- #if IPF_TRANSPARENT
- 
-+#ifdef debug
-+#undef debug		// XXX: IP Filter might declare debug().
+@@ -200,6 +200,19 @@ Ip::Intercept::IpfInterception(const Com
+     // all fields must be set to 0
+     memset(&natLookup, 0, sizeof(natLookup));
+     // for NAT lookup set local and remote IP:port's
++    if (newConn->remote.isIPv6()) {
++#if IPFILTER_VERSION < 5000003
++        // warn once every 10 at critical level, then push down a level each repeated event
++        static int warningLevel = DBG_CRITICAL;
++        debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1");
++        warningLevel = ++warningLevel % 10;
++        return false;
++#else
++        natLookup.nl_v = 6;
++    } else {
++        natLookup.nl_v = 4;
 +#endif
-+
- #if !defined(IPFILTER_VERSION)
- #define IPFILTER_VERSION        5000004
- #endif
-@@ -68,6 +72,10 @@
- #include <netinet/ip_nat.h>
- #endif
- 
-+// Stolen from src/defines.h
-+#define debug(SECTION, LEVEL) \
-+        do_debug(SECTION, LEVEL) ? (void) 0 : _db_print
-+
- #endif /* IPF_TRANSPARENT required headers */
- 
- #if PF_TRANSPARENT
++    }
+     natLookup.nl_inport = htons(newConn->local.port());
+     newConn->local.getInAddr(natLookup.nl_inip);
+     natLookup.nl_outport = htons(newConn->remote.port());
author	prlw1 <prlw1@pkgsrc.org>	2015-08-17 16:39:38 +0000
committer	prlw1 <prlw1@pkgsrc.org>	2015-08-17 16:39:38 +0000
commit	0a6b1009d51135a2a72ad297b5e5629c8e755747 (patch)
tree	4195929fb4fa85aeafec8bcf3a9acb1ea93fdf9c /www/squid3
parent	ce00a51984af030e47bbd85ca21840d8a54e959b (diff)
download	pkgsrc-0a6b1009d51135a2a72ad297b5e5629c8e755747.tar.gz