From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sun, 16 Aug 2015 07:56:20 +0000 (-0700)
Subject: Bug 4302: IPFilter v5 transparent interception
X-Git-Tag: SQUID_4_0_1~131
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b2fb6c8a7608bbdab04cd51d0315cc3d1f32e996;p=thirdparty%2Fsquid.git

Bug 4302: IPFilter v5 transparent interception
---

diff --git a/src/ip/Intercept.cc b/src/ip/Intercept.cc
index 9e5f188005..1cd5ceac3b 100644
--- a/src/ip/Intercept.cc
+++ b/src/ip/Intercept.cc
@@ -200,6 +200,19 @@ Ip::Intercept::IpfInterception(const Comm::ConnectionPointer &newConn, int silen
     // all fields must be set to 0
     memset(&natLookup, 0, sizeof(natLookup));
     // for NAT lookup set local and remote IP:port's
+    if (newConn->remote.isIPv6()) {
+#if IPFILTER_VERSION < 5000003
+        // warn once every 10 at critical level, then push down a level each repeated event
+        static int warningLevel = DBG_CRITICAL;
+        debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1");
+        warningLevel = ++warningLevel % 10;
+        return false;
+#else
+        natLookup.nl_v = 6;
+    } else {
+        natLookup.nl_v = 4;
+#endif
+    }
     natLookup.nl_inport = htons(newConn->local.port());
     newConn->local.getInAddr(natLookup.nl_inip);
     natLookup.nl_outport = htons(newConn->remote.port());