diff options
Diffstat (limited to 'www/squid3/patches/patch-src_ip_Intercept.cc')
-rw-r--r-- | www/squid3/patches/patch-src_ip_Intercept.cc | 47 |
1 files changed, 23 insertions, 24 deletions
diff --git a/www/squid3/patches/patch-src_ip_Intercept.cc b/www/squid3/patches/patch-src_ip_Intercept.cc index 843ad5d7eaa..5a9c94e99d8 100644 --- a/www/squid3/patches/patch-src_ip_Intercept.cc +++ b/www/squid3/patches/patch-src_ip_Intercept.cc @@ -1,28 +1,27 @@ -$NetBSD: patch-src_ip_Intercept.cc,v 1.4 2015/01/21 11:23:16 adam Exp $ +$NetBSD: patch-src_ip_Intercept.cc,v 1.5 2015/08/17 16:39:38 prlw1 Exp $ -Avoid conflict with IP Fitler's debug(). +Fix transparent proxying with IPFilter 5 +http://bugs.squid-cache.org/show_bug.cgi?id=4302 ---- src/ip/Intercept.cc.orig 2015-01-13 12:52:01.000000000 +0000 +--- src/ip/Intercept.cc.orig 2015-08-01 06:08:17.000000000 +0000 +++ src/ip/Intercept.cc -@@ -21,6 +21,10 @@ - - #if IPF_TRANSPARENT - -+#ifdef debug -+#undef debug // XXX: IP Filter might declare debug(). +@@ -200,6 +200,19 @@ Ip::Intercept::IpfInterception(const Com + // all fields must be set to 0 + memset(&natLookup, 0, sizeof(natLookup)); + // for NAT lookup set local and remote IP:port's ++ if (newConn->remote.isIPv6()) { ++#if IPFILTER_VERSION < 5000003 ++ // warn once every 10 at critical level, then push down a level each repeated event ++ static int warningLevel = DBG_CRITICAL; ++ debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1"); ++ warningLevel = ++warningLevel % 10; ++ return false; ++#else ++ natLookup.nl_v = 6; ++ } else { ++ natLookup.nl_v = 4; +#endif -+ - #if !defined(IPFILTER_VERSION) - #define IPFILTER_VERSION 5000004 - #endif -@@ -68,6 +72,10 @@ - #include <netinet/ip_nat.h> - #endif - -+// Stolen from src/defines.h -+#define debug(SECTION, LEVEL) \ -+ do_debug(SECTION, LEVEL) ? (void) 0 : _db_print -+ - #endif /* IPF_TRANSPARENT required headers */ - - #if PF_TRANSPARENT ++ } + natLookup.nl_inport = htons(newConn->local.port()); + newConn->local.getInAddr(natLookup.nl_inip); + natLookup.nl_outport = htons(newConn->remote.port()); |