From: Amos Jeffries <squid3@treenet.co.nz>
Date: Mon, 6 Apr 2009 13:33:04 +0000 (+1200)
Subject: Real quiet cache.log when TPROXY and NAT both active
X-Git-Tag: SQUID_3_2_0_1~1077
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9bad3e09cad7bca92e3acfaac8c7e53a9e9973c3;p=thirdparty%2Fsquid.git

Real quiet cache.log when TPROXY and NAT both active
---

diff --git a/src/ip/IpIntercept.cc b/src/ip/IpIntercept.cc
index 1ff03d4e7f..a7ff6fe40c 100644
--- a/src/ip/IpIntercept.cc
+++ b/src/ip/IpIntercept.cc
@@ -378,6 +378,11 @@ IpIntercept::NatLookup(int fd, const IpAddress &me, const IpAddress &peer, IpAdd
     debugs(89, 5, HERE << "address BEGIN: me= " << me << ", client= " << client <<
            ", dst= " << dst << ", peer= " << peer);
 
+    /* NP: try TPROXY first, its much quieter than NAT when non-matching */
+    if (transparent_active) {
+        if ( NetfilterTransparent(fd, me, dst, silent) == 0) return 0;
+    }
+
     if (intercept_active) {
         /* NAT methods that use sock-opts to return client address */
         if ( NetfilterInterception(fd, me, client, silent) == 0) return 0;
@@ -387,9 +392,6 @@ IpIntercept::NatLookup(int fd, const IpAddress &me, const IpAddress &peer, IpAdd
         if ( PfInterception(fd, me, client, dst, silent) == 0) return 0;
         if ( IpfInterception(fd, me, client, dst, silent) == 0) return 0;
     }
-    if (transparent_active) {
-        if ( NetfilterTransparent(fd, me, dst, silent) == 0) return 0;
-    }
 
 #else /* none of the transparent options configured */
     debugs(89, DBG_IMPORTANT, "WARNING: transparent proxying not supported");