{
#if IPF_TRANSPARENT /* --enable-ipf-transparent */
-#if defined(IPFILTER_VERSION) && (IPFILTER_VERSION >= 4000027)
- struct ipfobj obj;
-#else
- static int siocgnatl_cmd = SIOCGNATL & 0xff;
-#endif
struct natlookup natLookup;
static int natfd = -1;
int x;
-#if defined(IPFILTER_VERSION) && (IPFILTER_VERSION >= 4000027)
-
- obj.ipfo_rev = IPFILTER_VERSION;
- obj.ipfo_size = sizeof(natLookup);
- obj.ipfo_ptr = &natLookup;
- obj.ipfo_type = IPFOBJ_NATLOOKUP;
- obj.ipfo_offset = 0;
-#endif
-
+ // all fields must be set to 0
+ memset(natLookup, 0, sizeof(natLookup));
+ // for NAT lookup set local and remote IP:port's
natLookup.nl_inport = htons(newConn->local.GetPort());
newConn->local.GetInAddr(natLookup.nl_inip);
natLookup.nl_outport = htons(newConn->remote.GetPort());
newConn->remote.GetInAddr(natLookup.nl_outip);
+ // ... and the TCP flag
natLookup.nl_flags = IPN_TCP;
if (natfd < 0) {
if (natfd < 0) {
if (!silent) {
- debugs(89, DBG_IMPORTANT, HERE << "NAT open failed: " << xstrerror());
+ debugs(89, DBG_IMPORTANT, "IPF (IPFilter) NAT open failed: " << xstrerror());
lastReported_ = squid_curtime;
return false;
}
}
#if defined(IPFILTER_VERSION) && (IPFILTER_VERSION >= 4000027)
+ struct ipfobj obj;
+ memset(&obj, 0, sizeof(obj));
+ obj.ipfo_rev = IPFILTER_VERSION;
+ obj.ipfo_size = sizeof(natLookup);
+ obj.ipfo_ptr = &natLookup;
+ obj.ipfo_type = IPFOBJ_NATLOOKUP;
+
x = ioctl(natfd, SIOCGNATL, &obj);
#else
/*
* put something in configure and use ifdefs here, but
* this seems simpler.
*/
+ static int siocgnatl_cmd = SIOCGNATL & 0xff;
if (63 == siocgnatl_cmd) {
struct natlookup *nlp = &natLookup;
x = ioctl(natfd, SIOCGNATL, &nlp);
if (x < 0) {
if (errno != ESRCH) {
if (!silent) {
- debugs(89, DBG_IMPORTANT, HERE << "NAT lookup failed: ioctl(SIOCGNATL)");
+ debugs(89, DBG_IMPORTANT, "IPF (IPFilter) NAT lookup failed: ioctl(SIOCGNATL) (v=" << IPFILTER_VERSION << "): " << xstrerror());
lastReported_ = squid_curtime;
}
projects / thirdparty / squid.git / commitdiff
