Remove 'NAT' lookup restrictions from TPROXY lookups.

Now that TPROXY can do v6 we only need to protect the real NAT lookups
behind protocol family tests.

diff --git a/src/ip/IpIntercept.cc b/src/ip/IpIntercept.cc
index 4bd3b8b15626cf7ed96c882054b0c1f3a367509f..604faa010d2662d870576e1c7c8f51f24d9b370a 100644 (file)
--- a/src/ip/IpIntercept.cc
+++ b/src/ip/IpIntercept.cc
@@ -369,9 +369,6 @@ IpIntercept::NatLookup(int fd, const IpAddress &me, const IpAddress &peer, IpAdd
     client = me;
     dst = peer;
 
-    if ( !me.IsIPv4()   ) return -1;
-    if ( !peer.IsIPv4() ) return -1;
-
 #if 0
     // Crop interception errors down to one per minute.
     int silent = (squid_curtime - last_reported > 60 ? 0 : 1);
@@ -388,6 +385,10 @@ IpIntercept::NatLookup(int fd, const IpAddress &me, const IpAddress &peer, IpAdd
         if ( NetfilterTransparent(fd, me, dst, silent) == 0) return 0;
     }
 
+    /* NAT is only available in IPv6 */
+    if ( !me.IsIPv4()   ) return -1;
+    if ( !peer.IsIPv4() ) return -1;
+
     if (intercept_active) {
         /* NAT methods that use sock-opts to return client address */
         if ( NetfilterInterception(fd, me, client, silent) == 0) return 0;