}
int
-IPIntercept::NetfilterTransparent(int fd, const IPAddress &me, IPAddress &dst, int silent)
+IPIntercept::NetfilterTransparent(int fd, const IPAddress &me, IPAddress &client, int silent)
{
#if LINUX_NETFILTER
* We will simply attempt a bind outgoing on our own IP.
*/
if(fd_table[fd].flags.transparent) {
- dst.SetPort(0); // allow random outgoing port to prevent address clashes
+ client.SetPort(0); // allow random outgoing port to prevent address clashes
return 0;
}
#endif
}
int
-IPIntercept::NatLookup(int fd, const IPAddress &me, const IPAddress &peer, IPAddress &dst)
+IPIntercept::NatLookup(int fd, const IPAddress &me, const IPAddress &peer, IPAddress &client, IPAddress &dst)
{
#if IPF_TRANSPARENT /* --enable-ipf-transparent */
- dst = me;
+ client = me;
if( !me.IsIPv4() ) return -1;
if( !peer.IsIPv4() ) return -1;
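Review bot: The IPF branch assigns only `client = me;` and never writes the new `dst` out-parameter, whereas the later branch in this patch sets both `client = me;` and `dst = peer;`. The caller in this patch copies `dst` into `result->peer` whenever NatLookup returns 0, so on this path the recorded peer address would be replaced by whatever the caller's default-constructed `IPAddress dst` holds, and anything keyed on that address (access checks, logging) would see that value instead of the real peer. The PF branch shows the same pattern: `client.SetEmpty();` and `client = nl.rdaddr.v4;` are updated, but nothing assigns `dst`. Unless `dst` is set in lines outside these hunks, add `dst = peer;` beside each `client` initialisation so every success path returns a defined value. NatLookup's body continues outside this hunk.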
} else
{
if (me != natLookup.nl_realip) {
- dst = natLookup.nl_realip;
+ client = natLookup.nl_realip;
- dst.SetPort(ntohs(natLookup.nl_realport));
+ client.SetPort(ntohs(natLookup.nl_realport));
}
// else. we already copied it.
* This allows us to perform a nice clean failover sequence for them.
*/
- dst = me;
+ client = me;
+ dst = peer;
if( !me.IsIPv4() ) return -1;
if( !peer.IsIPv4() ) return -1;
#endif
if(intercept_active) {
- if( NetfilterInterception(fd, me, dst, silent) == 0) return 0;
- if( IPFWInterception(fd, me, dst, silent) == 0) return 0;
+ if( NetfilterInterception(fd, me, client, silent) == 0) return 0;
+ if( IPFWInterception(fd, me, client, silent) == 0) return 0;
}
if(transparent_active) {
if( NetfilterTransparent(fd, me, dst, silent) == 0) return 0;
}
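Review bot: The call `NetfilterTransparent(fd, me, dst, silent)` still passes `dst`, although this patch renames that function's fourth parameter to `client` and switches the two interception calls just above to `client`. With `dst = peer;` assigned earlier in this branch, the callee's `SetPort(0)` would now clear the port on the peer copy that the caller stores in `result->peer`, while `client` keeps its port. If the address meant to get a random outgoing port is the client-side one, the line should read `if( NetfilterTransparent(fd, me, client, silent) == 0) return 0;`. If `dst` is intended, add a short comment saying why, since the parameter name now disagrees with the argument. NatLookup's body starts and ends outside this hunk.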
- dst.SetEmpty();
+ client.SetEmpty();
memset(&nl, 0, sizeof(struct pfioc_natlook));
peer.GetInAddr(nl.saddr.v4);
} else
{
int natted = (me != nl.rdaddr.v4);
- dst = nl.rdaddr.v4;
- dst.SetPort(ntohs(nl.rdport));
+ client = nl.rdaddr.v4;
+ client.SetPort(ntohs(nl.rdport));
if (natted)
return 0;
result->port = cbdataReference(port);
if(port->intercepted || port->spoof_client_ip) {
- IPAddress dst;
+ IPAddress client, dst;
- if (IPInterceptor.NatLookup(fd, me, peer, dst) == 0) {
- result->me = dst; /* XXX This should be moved to another field */
+ if (IPInterceptor.NatLookup(fd, me, peer, client, dst) == 0) {
+ result->me = client;
+ result->peer = dst;
result->transparent(true);
}
}