summaryrefslogtreecommitdiff
path: root/www/squid3/patches/patch-src_ip_Intercept.cc
diff options
context:
space:
mode:
Diffstat (limited to 'www/squid3/patches/patch-src_ip_Intercept.cc')
-rw-r--r--www/squid3/patches/patch-src_ip_Intercept.cc47
1 files changed, 23 insertions, 24 deletions
diff --git a/www/squid3/patches/patch-src_ip_Intercept.cc b/www/squid3/patches/patch-src_ip_Intercept.cc
index 843ad5d7eaa..5a9c94e99d8 100644
--- a/www/squid3/patches/patch-src_ip_Intercept.cc
+++ b/www/squid3/patches/patch-src_ip_Intercept.cc
@@ -1,28 +1,27 @@
-$NetBSD: patch-src_ip_Intercept.cc,v 1.4 2015/01/21 11:23:16 adam Exp $
+$NetBSD: patch-src_ip_Intercept.cc,v 1.5 2015/08/17 16:39:38 prlw1 Exp $
-Avoid conflict with IP Fitler's debug().
+Fix transparent proxying with IPFilter 5
+http://bugs.squid-cache.org/show_bug.cgi?id=4302
---- src/ip/Intercept.cc.orig 2015-01-13 12:52:01.000000000 +0000
+--- src/ip/Intercept.cc.orig 2015-08-01 06:08:17.000000000 +0000
+++ src/ip/Intercept.cc
-@@ -21,6 +21,10 @@
-
- #if IPF_TRANSPARENT
-
-+#ifdef debug
-+#undef debug // XXX: IP Filter might declare debug().
+@@ -200,6 +200,19 @@ Ip::Intercept::IpfInterception(const Com
+ // all fields must be set to 0
+ memset(&natLookup, 0, sizeof(natLookup));
+ // for NAT lookup set local and remote IP:port's
++ if (newConn->remote.isIPv6()) {
++#if IPFILTER_VERSION < 5000003
++ // warn once every 10 at critical level, then push down a level each repeated event
++ static int warningLevel = DBG_CRITICAL;
++ debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1");
++ warningLevel = ++warningLevel % 10;
++ return false;
++#else
++ natLookup.nl_v = 6;
++ } else {
++ natLookup.nl_v = 4;
+#endif
-+
- #if !defined(IPFILTER_VERSION)
- #define IPFILTER_VERSION 5000004
- #endif
-@@ -68,6 +72,10 @@
- #include <netinet/ip_nat.h>
- #endif
-
-+// Stolen from src/defines.h
-+#define debug(SECTION, LEVEL) \
-+ do_debug(SECTION, LEVEL) ? (void) 0 : _db_print
-+
- #endif /* IPF_TRANSPARENT required headers */
-
- #if PF_TRANSPARENT
++ }
+ natLookup.nl_inport = htons(newConn->local.port());
+ newConn->local.getInAddr(natLookup.nl_inip);
+ natLookup.nl_outport = htons(newConn->remote.port());