From: Amos Jeffries <squid3@treenet.co.nz>
Date: Thu, 6 Feb 2014 12:16:08 +0000 (-0700)
Subject: Regression Bug 3769: client_netmask not evaluated since Comm redesign
X-Git-Tag: SQUID_3_5_0_1~386
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=998ef291ce502cf6a781d44ab42aade91c812dcf;p=thirdparty%2Fsquid.git

Regression Bug 3769: client_netmask not evaluated since Comm redesign
---

diff --git a/src/AccessLogEntry.cc b/src/AccessLogEntry.cc
index d8c41efa6d..45cf014e02 100644
--- a/src/AccessLogEntry.cc
+++ b/src/AccessLogEntry.cc
@@ -15,17 +15,30 @@ AccessLogEntry::SslDetails::SslDetails(): user(NULL), bumpMode(::Ssl::bumpEnd)
 void
 AccessLogEntry::getLogClientIp(char *buf, size_t bufsz) const
 {
+    Ip::Address log_ip;
+
 #if FOLLOW_X_FORWARDED_FOR
     if (Config.onoff.log_uses_indirect_client && request)
-        request->indirect_client_addr.toStr(buf, bufsz);
+        log_ip = request->indirect_client_addr;
     else
 #endif
         if (tcpClient != NULL)
-            tcpClient->remote.toStr(buf, bufsz);
-        else if (cache.caddr.isNoAddr()) // e.g., ICAP OPTIONS lack client
+            log_ip = tcpClient->remote;
+        else if (cache.caddr.isNoAddr()) { // e.g., ICAP OPTIONS lack client
             strncpy(buf, "-", bufsz);
-        else
-            cache.caddr.toStr(buf, bufsz);
+            return;
+        } else
+            log_ip = cache.caddr;
+
+    // Apply so-called 'privacy masking' to IPv4 clients
+    // - localhost IP is always shown in full
+    // - IPv4 clients masked with client_netmask
+    // - IPv6 clients use 'privacy addressing' instead.
+
+    if (!log_ip.isLocalhost() && log_ip.isIPv4())
+        log_ip.applyMask(Config.Addrs.client_netmask);
+
+    log_ip.toStr(buf, bufsz);
 }
 
 AccessLogEntry::~AccessLogEntry()