git.ipfire.org Git - thirdparty/squid.git/commit

author	Amos Jeffries <squid3@treenet.co.nz>
	Tue, 16 Apr 2013 02:21:47 +0000 (20:21 -0600)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Tue, 16 Apr 2013 02:21:47 +0000 (20:21 -0600)
commit	b219204255c110294c25fbf4031fb1892e4d0ba1
tree	76c7cefdfa865d87cce5b02b865a2181af35048b	tree \| snapshot
parent	d37b645e0e8741d9140907fe5062007c0d1ddd41	commit \| diff

Polish TPROXY support for OpenBSD and FreeBSD

Current OpenBSD implementation of PF divert-to works similarly to TPROXY
and only requires a getsockname() lookup to locate the TCP packet
original destination.

We can use the same PF configuration to preform "intercept" option but
the old PF transparent code does lookups on /dev/pf which fails badly
on the new PF versions. getsockname() is what is really required and
already performed by TcpAcceptor on all incoming connections, so there
is no need for a special PF lookup code now.

Add a new ./configure option --with-nat-devpf to enable the old /dev/pf
NAT lookup code in a backward-compatible way for older OS versions and
OpenBSD based distros which have not yet ported the new PF code. The
option is disabled by default since the systems requiring it are fairly
old now.

Also remove the getsockname() lookup in the IPFW lookup implementation
which is redundant behind TcpAcceptor.

configure.ac		diff \| blob \| blame \| history
doc/release-notes/release-3.4.sgml		diff \| blob \| blame \| history
src/comm.cc		diff \| blob \| blame \| history
src/ip/Intercept.cc		diff \| blob \| blame \| history
src/ip/Intercept.h		diff \| blob \| blame \| history