From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 18 Sep 2009 06:35:42 +0000 (+1200)
Subject: Remove 'NAT' lookup restrictions from TPROXY lookups.
X-Git-Tag: SQUID_3_2_0_1~711
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=11298d0dfef134dec869139d680f72f773b404ac;p=thirdparty%2Fsquid.git

Remove 'NAT' lookup restrictions from TPROXY lookups.

Now that TPROXY can do v6 we only need to protect the real NAT lookups
behind protocol family tests.
---

diff --git a/src/ip/IpIntercept.cc b/src/ip/IpIntercept.cc
index 4bd3b8b156..604faa010d 100644
--- a/src/ip/IpIntercept.cc
+++ b/src/ip/IpIntercept.cc
@@ -369,9 +369,6 @@ IpIntercept::NatLookup(int fd, const IpAddress &me, const IpAddress &peer, IpAdd
     client = me;
     dst = peer;
 
-    if ( !me.IsIPv4()   ) return -1;
-    if ( !peer.IsIPv4() ) return -1;
-
 #if 0
     // Crop interception errors down to one per minute.
     int silent = (squid_curtime - last_reported > 60 ? 0 : 1);
@@ -388,6 +385,10 @@ IpIntercept::NatLookup(int fd, const IpAddress &me, const IpAddress &peer, IpAdd
         if ( NetfilterTransparent(fd, me, dst, silent) == 0) return 0;
     }
 
+    /* NAT is only available in IPv6 */
+    if ( !me.IsIPv4()   ) return -1;
+    if ( !peer.IsIPv4() ) return -1;
+
     if (intercept_active) {
         /* NAT methods that use sock-opts to return client address */
         if ( NetfilterInterception(fd, me, client, silent) == 0) return 0;