From: adrian <> Date: Sun, 20 May 2007 10:22:43 +0000 (+0000) Subject: Implement FreeBSD ipfw based ip transparent interception using X-Git-Tag: SQUID_3_0_PRE7~251 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=68075fadeb96ffb90f1dfd3a539b3532714c5074;p=thirdparty%2Fsquid.git Implement FreeBSD ipfw based ip transparent interception using the getsockname() syscall. This returns the original destination IP rather than the local server IP. This behaviour existed in Squid-2 in the past; but was removed for some reason. --- diff --git a/configure.in b/configure.in index cf072dd942..85a6ba3775 100644 --- a/configure.in +++ b/configure.in @@ -1,7 +1,7 @@ dnl Configuration input file for Squid dnl -dnl $Id: configure.in,v 1.454 2007/05/13 10:57:41 hno Exp $ +dnl $Id: configure.in,v 1.455 2007/05/20 04:22:43 adrian Exp $ dnl dnl dnl @@ -11,7 +11,7 @@ AM_CONFIG_HEADER(include/autoconf.h) AC_CONFIG_AUX_DIR(cfgaux) AC_CONFIG_SRCDIR([src/main.cc]) AM_INIT_AUTOMAKE([tar-ustar]) -AC_REVISION($Revision: 1.454 $)dnl +AC_REVISION($Revision: 1.455 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE @@ -1140,6 +1140,18 @@ else AC_DEFINE(HTTP_VIOLATIONS, 0) fi +dnl Enable IPFW Transparent Proxy +AC_ARG_ENABLE(ipfw-transparent, +[ --enable-ipfw-transparent + Enable Transparent Proxy support for systems + using FreeBSD IPFW style redirection.], +[ if test "$enableval" = "yes" ; then + echo "IPFW Transparent Proxy enabled" + AC_DEFINE(IPFW_TRANSPARENT,1,[Enable support for Transparent Proxy on systems using FreeBSD IPFW address redirection.]) + IPFW_TRANSPARENT="yes" + fi +]) + dnl Enable IP-Filter Transparent Proxy AC_ARG_ENABLE(ipf-transparent, [ --enable-ipf-transparent diff --git a/include/autoconf.h.in b/include/autoconf.h.in index 021fae39d8..a5179a8c44 100644 --- a/include/autoconf.h.in +++ b/include/autoconf.h.in 
@@ -725,6 +725,10 @@ /* Enable ICAP client features in Squid */ #undef ICAP_CLIENT +/* Enable support for Transparent Proxy on systems using FreeBSD IPFW address + redirection. */ +#undef IPFW_TRANSPARENT + /* Enable support for Transparent Proxy on systems using IP-Filter address redirection. This provides "masquerading" support for non Linux system. */ #undef IPF_TRANSPARENT diff --git a/src/IPInterception.cc b/src/IPInterception.cc index 564d2aca94..a37b13e269 100644 --- a/src/IPInterception.cc +++ b/src/IPInterception.cc @@ -1,6 +1,6 @@ /* - * $Id: IPInterception.cc,v 1.16 2007/04/28 22:26:37 hno Exp $ + * $Id: IPInterception.cc,v 1.17 2007/05/20 04:22:45 adrian Exp $ * * DEBUG: section 89 NAT / IP Interception * AUTHOR: Robert Collins @@ -282,14 +282,29 @@ clientNatLookup(int fd, struct sockaddr_in me, struct sockaddr_in peer, struct s } } -#else +#elif IPFW_TRANSPARENT int - clientNatLookup(int fd, struct sockaddr_in me, struct sockaddr_in peer, struct sockaddr_in *dst) { - debugs(89, 1, "WARNING: transparent proxying not supported"); - return -1; + int ret; + struct sockaddr_in s; + int slen = sizeof(struct sockaddr_in); + + ret = getsockname(fd, (struct sockaddr *) &s, (socklen_t * )&slen); + if (ret < 0) { + debugs(89, 1, "clientNatLookup: getpeername failed (fd " << fd << "), errstr " << xstrerror()); + return -1; + } + *dst = s; + return 0; } +#else +int +clientNatLookup(int fd, struct sockaddr_in me, struct sockaddr_in peer, struct sockaddr_in *dst) +{ + debugs(89, 1, "WARNING: transparent proxying not supported"); + return -1; +} #endif
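Review bot: In the new IPFW `clientNatLookup`, `int slen` is passed as `(socklen_t * )&slen`, a pointer cast between types that need not have the same size or signedness; declare it as `socklen_t slen = sizeof(s);` and pass `&slen` without a cast. The failure message says `getpeername failed` although the call is `getsockname()`, which will mislead anyone reading the log during an incident; it should read `"clientNatLookup: getsockname failed (fd "`. The function also returns 0 for every socket on which the call succeeds, so a client that connects directly to the proxy port rather than through an ipfw redirect presumably gets the proxy's own listening address reported as the original destination. A comment above `*dst = s;` such as `/* kernel-reported local address; equals our own listener address when the connection was not redirected, so the caller must handle that case */`, together with a check of `s.sin_family == AF_INET` before the copy, would make that trust assumption explicit.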