/*
- * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
+ * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
#define IPFILTER_VERSION 5000004
#endif
+#if HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
#if HAVE_SYS_IOCCOM_H
#include <sys/ioccom.h>
#endif
/* Trust the user configured properly. If not no harm done.
* We will simply attempt a bind outgoing on our own IP.
*/
- newConn->remote.port(0); // allow random outgoing port to prevent address clashes
debugs(89, 5, HERE << "address TPROXY: " << newConn);
return true;
#else
memset(&natLookup, 0, sizeof(natLookup));
// for NAT lookup set local and remote IP:port's
if (newConn->remote.isIPv6()) {
-#if IPFILTER_VERSION < 5000003
+#if HAVE_STRUCT_NATLOOKUP_NL_INIPADDR_IN6
+ natLookup.nl_v = 6;
+ newConn->local.getInAddr(natLookup.nl_inipaddr.in6);
+ newConn->remote.getInAddr(natLookup.nl_outipaddr.in6);
+ }
+ else {
+ natLookup.nl_v = 4;
+ newConn->local.getInAddr(natLookup.nl_inipaddr.in4);
+ newConn->remote.getInAddr(natLookup.nl_outipaddr.in4);
+ }
+#else
// warn once every 10 at critical level, then push down a level each repeated event
static int warningLevel = DBG_CRITICAL;
- debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1");
+ debugs(89, warningLevel, "Your IPF (IPFilter) NAT does not support IPv6. Please upgrade it.");
warningLevel = (warningLevel + 1) % 10;
return false;
-#else
- natLookup.nl_v = 6;
- } else {
- natLookup.nl_v = 4;
-#endif
}
- natLookup.nl_inport = htons(newConn->local.port());
newConn->local.getInAddr(natLookup.nl_inip);
- natLookup.nl_outport = htons(newConn->remote.port());
newConn->remote.getInAddr(natLookup.nl_outip);
+#endif
+ natLookup.nl_inport = htons(newConn->local.port());
+ natLookup.nl_outport = htons(newConn->remote.port());
// ... and the TCP flag
natLookup.nl_flags = IPN_TCP;
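Review bot: The address family of the whole lookup request is chosen from `newConn->remote.isIPv6()` alone, and `newConn->local` is then copied through the same-width member (`nl_inipaddr.in6` or `.in4`) without checking that it is of that family; whatever the `getInAddr` calls return is not looked at. If `local` and `remote` could ever disagree, the structure handed to the NAT lookup would carry an address that was not filled in as intended, and the reply is what overwrites `newConn->local` in the later hunk. If the caller guarantees a matching family, a comment such as `// local and remote come from the same accepted socket and share a family` would record that (to be confirmed against the caller); otherwise bail out first with `if (newConn->local.isIPv6() != newConn->remote.isIPv6()) return false;`. The PF hunk that fills `nl.saddr`/`nl.daddr` follows the same pattern. The enclosing function begins and ends outside this hunk.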
debugs(89, 9, HERE << "address: " << newConn);
return false;
} else {
+#if HAVE_STRUCT_NATLOOKUP_NL_REALIPADDR_IN6
+ if (newConn->remote.isIPv6())
+ newConn->local = natLookup.nl_realipaddr.in6;
+ else
+ newConn->local = natLookup.nl_realipaddr.in4;
+#else
newConn->local = natLookup.nl_realip;
+#endif
newConn->local.port(ntohs(natLookup.nl_realport));
debugs(89, 5, HERE << "address NAT: " << newConn);
return true;
}
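Review bot: The reply side is gated on `HAVE_STRUCT_NATLOOKUP_NL_REALIPADDR_IN6`, while the request side in the earlier hunk is gated on a different check, `HAVE_STRUCT_NATLOOKUP_NL_INIPADDR_IN6`. On a platform where the request check succeeds and this one does not, an IPv6 lookup would fall into the `#else` and assign `natLookup.nl_realip` to `newConn->local`, which presumably is not the IPv6 answer. Both members most likely arrive with the same struct revision, but nothing visible here ties the two checks together. A compile-time guard such as `#if HAVE_STRUCT_NATLOOKUP_NL_INIPADDR_IN6 && !HAVE_STRUCT_NATLOOKUP_NL_REALIPADDR_IN6` followed by `#error "inconsistent struct natlookup IPv6 members"` would make the assumption explicit. The enclosing function starts outside this hunk.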
memset(&nl, 0, sizeof(struct pfioc_natlook));
- newConn->remote.getInAddr(nl.saddr.v4);
- nl.sport = htons(newConn->remote.port());
- newConn->local.getInAddr(nl.daddr.v4);
+ if (newConn->remote.isIPv6()) {
+ newConn->remote.getInAddr(nl.saddr.v6);
+ newConn->local.getInAddr(nl.daddr.v6);
+ nl.af = AF_INET6;
+ } else {
+ newConn->remote.getInAddr(nl.saddr.v4);
+ newConn->local.getInAddr(nl.daddr.v4);
+ nl.af = AF_INET;
+ }
+
+ nl.sport = htons(newConn->remote.port());
nl.dport = htons(newConn->local.port());
- nl.af = AF_INET;
nl.proto = IPPROTO_TCP;
nl.direction = PF_OUT;
debugs(89, 9, HERE << "address: " << newConn);
return false;
} else {
- newConn->local = nl.rdaddr.v4;
+ if (newConn->remote.isIPv6())
+ newConn->local = nl.rdaddr.v6;
+ else
+ newConn->local = nl.rdaddr.v4;
newConn->local.port(ntohs(nl.rdport));
debugs(89, 5, HERE << "address NAT: " << newConn);
return true;
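Review bot: The added `if (newConn->remote.isIPv6())` selects which `nl.rdaddr` member to read by re-testing the connection instead of the family that was placed in the request. Writing it as `if (nl.af == AF_INET6)` would tie the read of the reply to the `nl.af` value set in the request hunk above, assuming the lookup leaves that field untouched. The result is the same as long as `remote` is not modified between the two hunks, which cannot be confirmed from the lines shown. The enclosing function starts outside this hunk.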